From a82cf4abc81722706b4466e65c1a05f997cf9fdc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 9 Jul 2018 07:38:10 +0200
Subject: [PATCH] bus-message: use structured initialization to avoid use of
unitialized memory
As far as I can see, we would either reuse some values from a previously exited
container or just random bytes from the heap.
Should fix #10127.
(cherry picked from commit cf81c68e96aa29d0c28b5d3a26d1de9aa1b53b85)
Resolves: #1696224
---
src/libsystemd/sd-bus/bus-message.c | 59 +++++++++++++----------------
1 file changed, 27 insertions(+), 32 deletions(-)
diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c
index 780c8c6185..7f87d018fb 100644
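--- a/src/libsystemd/sd-bus/bus-message.c
+++ b/src/libsystemd/sd-bus/bus-message.c
@@ -1956,7 +1956,7 @@ _public_ int sd_bus_message_open_container(
 char type,
 const char *contents) {
 
- struct bus_container *c, *w;
+ struct bus_container *c;
 uint32_t *array_size = NULL;
 _cleanup_free_ char *signature = NULL;
 size_t before, begin = 0;
@@ -2001,17 +2001,14 @@ _public_ int sd_bus_message_open_container(
 return r;
 
 /* OK, let's fill it in */
- w = m->containers + m->n_containers++;
- w->enclosing = type;
- w->signature = TAKE_PTR(signature);
- w->peeked_signature = NULL;
- w->index = 0;
- w->array_size = array_size;
- w->before = before;
- w->begin = begin;
- w->n_offsets = w->offsets_allocated = 0;
- w->offsets = NULL;
- w->need_offsets = need_offsets;
+ m->containers[m->n_containers++] = (struct bus_container) {
+ .enclosing = type,
+ .signature = TAKE_PTR(signature),
+ .array_size = array_size,
+ .before = before,
+ .begin = begin,
+ .need_offsets = need_offsets,
+ };
 
 return 0;
 }
@@ -3980,10 +3977,10 @@ static int bus_message_enter_dict_entry(
 _public_ int sd_bus_message_enter_container(sd_bus_message *m,
 char type,
 const char *contents) {
- struct bus_container *c, *w;
+ struct bus_container *c;
 uint32_t *array_size = NULL;
 _cleanup_free_ char *signature = NULL;
- size_t before;
+ size_t before, end;
 _cleanup_free_ size_t *offsets = NULL;
 size_t n_offsets = 0, item_size = 0;
 int r;
@@ -4062,28 +4059,26 @@ _public_ int sd_bus_message_enter_container(sd_bus_message *m,
 return r;
 
 /* OK, let's fill it in */
- w = m->containers + m->n_containers++;
- w->enclosing = type;
- w->signature = TAKE_PTR(signature);
- w->peeked_signature = NULL;
- w->index = 0;
-
- w->before = before;
- w->begin = m->rindex;
-
- /* Unary type has fixed size of 1, but virtual size of 0 */
 if (BUS_MESSAGE_IS_GVARIANT(m) &&
 type == SD_BUS_TYPE_STRUCT &&
 isempty(signature))
- w->end = m->rindex + 0;
+ end = m->rindex + 0;
 else
- w->end = m->rindex + c->item_size;
-
- w->array_size = array_size;
- w->item_size = item_size;
- w->offsets = TAKE_PTR(offsets);
- w->n_offsets = n_offsets;
- w->offset_index = 0;
+ end = m->rindex + c->item_size;
+
+ m->containers[m->n_containers++] = (struct bus_container) {
+ .enclosing = type,
+ .signature = TAKE_PTR(signature),
+
+ .before = before,
+ .begin = m->rindex,
+ /* Unary type has fixed size of 1, but virtual size of 0 */
+ .end = end,
+ .array_size = array_size,
+ .item_size = item_size,
+ .offsets = TAKE_PTR(offsets),
+ .n_offsets = n_offsets,
+ };
 
 return 1;
 }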
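Review bot: Both new container initializers rely on the compound literal zeroing every member that is not named, but nothing in the new code says so. In `sd_bus_message_open_container` this now covers `end`, `item_size` and `offset_index`, which the removed field-by-field lines never wrote. A one-line comment above each `m->containers[m->n_containers++] = (struct bus_container) {`, for example `/* members not named here are zero-initialized by the compound literal */`, would keep a later edit from going back to per-field stores into a reused slot. In `sd_bus_message_enter_container` the comment `/* Unary type has fixed size of 1, but virtual size of 0 */` now sits above `.end = end,`, several lines after the `if`/`else` that implements it; it reads better directly above that `if`. Both functions begin outside the hunks shown, so how `m->containers` is grown and how slots are released on exit is not visible here.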