diff options
| author | Chengwei Yang <chengwei.yang@intel.com> | 2013-06-29 11:56:20 +0800 |
|---|---|---|
| committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2013-07-01 12:09:02 +0100 |
| commit | 32e5cab56a6707cf897f918999720ff7e455255e (patch) | |
| tree | f4c55cd73b86efe2a4914f5f0474c5e241f86c77 /dbus/dbus-address.c | |
| parent | 160fbc9ec110fc3aa691b86971b50ee8dc740783 (diff) | |
| download | dbus-32e5cab56a6707cf897f918999720ff7e455255e.tar.gz | |
Fix: a non ascii byte will trigger BadAddress error
If a byte in DBusString *unescaped isn't a ascii byte, which will be
cast to char (signed char on most of platform), so that's the issue
unsigned char cast to signed char. e.g. "\303\266" is a valid unicode
character, if everything goes right, it will be escaped to "%c3%b6".
However, in fact, it escaped to "%<garbage-byte>3%<garbage-byte>6".
_dbus_string_append_byte_as_hex() take an int parameter, so negative
byte is valid, but cause get a negative index in array. So garbage value
will get. e.g. '\303' --> hexdigits[((signed byte)(-61)) >> 4] is
hexdigits[-4].
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=53499
Sgne-off-by: Chengwei Yang <chengwei.yang@intel.com>
[fixed whitespace -smcv]
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Diffstat (limited to 'dbus/dbus-address.c')
| -rw-r--r-- | dbus/dbus-address.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/dbus/dbus-address.c b/dbus/dbus-address.c index 90484dc1..f3d48d0a 100644 --- a/dbus/dbus-address.c +++ b/dbus/dbus-address.c @@ -104,15 +104,15 @@ dbus_bool_t _dbus_address_append_escaped (DBusString *escaped, const DBusString *unescaped) { - const char *p; - const char *end; + const unsigned char *p; + const unsigned char *end; dbus_bool_t ret; int orig_len; ret = FALSE; orig_len = _dbus_string_get_length (escaped); - p = _dbus_string_get_const_data (unescaped); + p = (const unsigned char *) _dbus_string_get_const_data (unescaped); end = p + _dbus_string_get_length (unescaped); while (p != end) { |