Clean out some more _cupsStr cruft that might potentially cause an

unaligned memory access (Issue #5474) Don't directly use the string pool in the CGI programs or scheduler.
author: Michael R Sweet <michael.r.sweet@gmail.com> 2019-01-21 16:03:08 -0500
committer: Michael R Sweet <michael.r.sweet@gmail.com> 2019-01-21 16:03:08 -0500
commit: 86c184ff348add8bb4dbb2d9f5df3054c92d0130 (patch)
tree: 70b2475b8582291899d824ff21ba6c9cfde4aa8d /cgi-bin
parent: e5dfea4c0447f57f37a07d3f49833ab051882e76 (diff)
download: cups-86c184ff348add8bb4dbb2d9f5df3054c92d0130.tar.gz
2 files changed, 26 insertions, 28 deletions
diff --git a/cgi-bin/admin.c b/cgi-bin/admin.c
index 0111d2dd6..f8c7e157b 100644
--- a/cgi-bin/admin.c
+++ b/cgi-bin/admin.c
@@ -562,7 +562,7 @@ do_am_class(http_t *http,		/* I - HTTP connection */
     attr = ippAddStrings(request, IPP_TAG_PRINTER, IPP_TAG_URI, "member-uris",
                          num_printers, NULL, NULL);
     for (i = 0; i < num_printers; i ++)
-      attr->values[i].string.text = _cupsStrAlloc(cgiGetArray("MEMBER_URIS", i));
+      ippSetString(request, &attr, i, cgiGetArray("MEMBER_URIS", i));
   }
 
  /*
@@ -2123,7 +2123,7 @@ do_list_printers(http_t *http)		/* I - HTTP connection */
          attr;
 	 attr = ippFindNextAttribute(response, "device-uri", IPP_TAG_URI))
     {
-      cupsArrayAdd(printer_devices, _cupsStrAlloc(attr->values[0].string.text));
+      cupsArrayAdd(printer_devices, strdup(attr->values[0].string.text));
     }
 
    /*
@@ -2261,7 +2261,7 @@ do_list_printers(http_t *http)		/* I - HTTP connection */
       for (printer_device = (char *)cupsArrayFirst(printer_devices);
            printer_device;
 	   printer_device = (char *)cupsArrayNext(printer_devices))
-        _cupsStrFree(printer_device);
+        free(printer_device);
 
       cupsArrayDelete(printer_devices);
     }
@@ -2658,7 +2658,7 @@ do_set_allowed_users(http_t *http)	/* I - HTTP connection */
         * Add the name...
 	*/
 
-        attr->values[i].string.text = _cupsStrAlloc(ptr);
+        ippSetString(request, &attr, i, ptr);
 
        /*
         * Advance to the next name...
@@ -3467,8 +3467,8 @@ do_set_options(http_t *http,		/* I - HTTP connection */
 
     attr = ippAddStrings(request, IPP_TAG_PRINTER, IPP_TAG_NAME,
                          "job-sheets-default", 2, NULL, NULL);
-    attr->values[0].string.text = _cupsStrAlloc(cgiGetVariable("job_sheets_start"));
-    attr->values[1].string.text = _cupsStrAlloc(cgiGetVariable("job_sheets_end"));
+    ippSetString(request, &attr, 0, cgiGetVariable("job_sheets_start"));
+    ippSetString(request, &attr, 1, cgiGetVariable("job_sheets_end"));
 
     if ((var = cgiGetVariable("printer_error_policy")) != NULL)
       ippAddString(request, IPP_TAG_PRINTER, IPP_TAG_NAME,
diff --git a/cgi-bin/var.c b/cgi-bin/var.c
index 12f3c8344..21b3c5308 100644
--- a/cgi-bin/var.c
+++ b/cgi-bin/var.c
@@ -1,8 +1,8 @@
 /*
  * CGI form variable and array functions for CUPS.
  *
- * Copyright 2007-2015 by Apple Inc.
- * Copyright 1997-2005 by Easy Software Products.
+ * Copyright © 2007-2019 by Apple Inc.
+ * Copyright © 1997-2005 by Easy Software Products.
  *
  * Licensed under Apache License v2.0.  See the file "LICENSE" for more information.
  */
@@ -29,10 +29,10 @@
 
 typedef struct				/**** Form variable structure ****/
 {
-  const char	*name;			/* Name of variable */
+  char		*name;			/* Name of variable */
   int		nvalues,		/* Number of values */
 		avalues;		/* Number of values allocated */
-  const char	**values;		/* Value(s) of variable */
+  char		**values;		/* Value(s) of variable */
 } _cgi_var_t;
 
 
@@ -135,10 +135,10 @@ cgiClearVariables(void)
 
   for (v = form_vars, i = form_count; i > 0; v ++, i --)
   {
-    _cupsStrFree(v->name);
+    free(v->name);
     for (j = 0; j < v->nvalues; j ++)
       if (v->values[j])
-        _cupsStrFree(v->values[j]);
+        free(v->values[j]);
   }
 
   form_count = 0;
@@ -164,7 +164,7 @@ cgiGetArray(const char *name,		/* I - Name of array variable */
   if (element < 0 || element >= var->nvalues)
     return (NULL);
 
-  return (_cupsStrRetain(var->values[element]));
+  return (strdup(var->values[element]));
 }
 
 
@@ -222,7 +222,7 @@ cgiGetVariable(const char *name)	/* I - Name of variable */
 
   var = cgi_find_variable(name);
 
-  return ((var == NULL) ? NULL : _cupsStrRetain(var->values[var->nvalues - 1]));
+  return ((var == NULL) ? NULL : strdup(var->values[var->nvalues - 1]));
 }
 
 
@@ -370,10 +370,9 @@ cgiSetArray(const char *name,		/* I - Name of variable */
   {
     if (element >= var->avalues)
     {
-      const char **temp;		/* Temporary pointer */
+      char **temp;			/* Temporary pointer */
 
-      temp = (const char **)realloc((void *)(var->values),
-                                    sizeof(char *) * (size_t)(element + 16));
+      temp = (char **)realloc((void *)(var->values), sizeof(char *) * (size_t)(element + 16));
       if (!temp)
         return;
 
@@ -389,9 +388,9 @@ cgiSetArray(const char *name,		/* I - Name of variable */
       var->nvalues = element + 1;
     }
     else if (var->values[element])
-      _cupsStrFree((char *)var->values[element]);
+      free((char *)var->values[element]);
 
-    var->values[element] = _cupsStrAlloc(value);
+    var->values[element] = strdup(value);
   }
 }
 
@@ -448,10 +447,9 @@ cgiSetSize(const char *name,		/* I - Name of variable */
 
   if (size >= var->avalues)
   {
-    const char **temp;			/* Temporary pointer */
+    char **temp;			/* Temporary pointer */
 
-    temp = (const char **)realloc((void *)(var->values),
-				  sizeof(char *) * (size_t)(size + 16));
+    temp = (char **)realloc((void *)(var->values), sizeof(char *) * (size_t)(size + 16));
     if (!temp)
       return;
 
@@ -468,7 +466,7 @@ cgiSetSize(const char *name,		/* I - Name of variable */
   {
     for (i = size; i < var->nvalues; i ++)
       if (var->values[i])
-        _cupsStrFree((void *)(var->values[i]));
+        free((void *)(var->values[i]));
   }
 
   var->nvalues = size;
@@ -503,9 +501,9 @@ cgiSetVariable(const char *name,	/* I - Name of variable */
   {
     for (i = 0; i < var->nvalues; i ++)
       if (var->values[i])
-        _cupsStrFree((char *)var->values[i]);
+        free((char *)var->values[i]);
 
-    var->values[0] = _cupsStrAlloc(value);
+    var->values[0] = strdup(value);
     var->nvalues   = 1;
   }
 }
@@ -548,10 +546,10 @@ cgi_add_variable(const char *name,	/* I - Variable name */
   if ((var->values = calloc((size_t)element + 1, sizeof(char *))) == NULL)
     return;
 
-  var->name            = _cupsStrAlloc(name);
+  var->name            = strdup(name);
   var->nvalues         = element + 1;
   var->avalues         = element + 1;
-  var->values[element] = _cupsStrAlloc(value);
+  var->values[element] = strdup(value);
 
   form_count ++;
 }
@@ -583,7 +581,7 @@ cgi_find_variable(const char *name)	/* I - Name of variable */
   if (form_count < 1 || name == NULL)
     return (NULL);
 
-  key.name = name;
+  key.name = (char *)name;
 
   return ((_cgi_var_t *)bsearch(&key, form_vars, (size_t)form_count, sizeof(_cgi_var_t),
                            (int (*)(const void *, const void *))cgi_compare_variables));
author	Michael R Sweet <michael.r.sweet@gmail.com>	2019-01-21 16:03:08 -0500
committer	Michael R Sweet <michael.r.sweet@gmail.com>	2019-01-21 16:03:08 -0500
commit	86c184ff348add8bb4dbb2d9f5df3054c92d0130 (patch)
tree	70b2475b8582291899d824ff21ba6c9cfde4aa8d /cgi-bin
parent	e5dfea4c0447f57f37a07d3f49833ab051882e76 (diff)
download	cups-86c184ff348add8bb4dbb2d9f5df3054c92d0130.tar.gz