fdo-mirrors/dbus
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/dbus/dbus.git synced 2026-01-07 13:30:25 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Avoid reading beyond the length of a variable

Browse source 
Appending &some as DBUS_TYPE_INT64, DBUS_TYPE_UINT64 or DBUS_TYPE_DOUBLE,
where "some" is an int, reads beyond the bounds of that variable.
Use a zero-filled DBusBasicValue instead.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=30350
This commit is contained in:
Simon McVittie 2013-08-27 19:16:42 +01:00
parent c8b2d74503
commit b9a5ea27f9
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
dbus/dbus-message-util.c
View file

@ -1611,10 +1611,14 @@ _dbus_message_test (const char *test_data_dir)
/* Test enumeration of array elements */
for (i = strlen (basic_types) - 1; i > 0; i--)
{
DBusBasicValue val;
int some;
char* signature = _dbus_strdup ("?");
signature[0] = basic_types[i];
s = "SomeThingToSay";
memset (&val, '\0', sizeof (val));
message = dbus_message_new_method_call ("de.ende.test",
"/de/ende/test", "de.ende.Test", "ArtistName");
_dbus_assert (message != NULL);
@ -1626,7 +1630,7 @@ _dbus_message_test (const char *test_data_dir)
if (basic_types[i] == DBUS_TYPE_STRING)
dbus_message_iter_append_basic (&array_iter, DBUS_TYPE_STRING, &s);
else
dbus_message_iter_append_basic (&array_iter, basic_types[i], &some);
dbus_message_iter_append_basic (&array_iter, basic_types[i], &val);
}
dbus_message_iter_close_container (&iter, &array_iter);
dbus_message_iter_init (message, &iter);