diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-07-09 07:38:10 +0200 |
|---|---|---|
| committer | Lukáš Nykrýn <lnykryn@redhat.com> | 2019-05-03 12:50:30 +0200 |
| commit | a82cf4abc81722706b4466e65c1a05f997cf9fdc (patch) | |
| tree | 52d2e84f703719b349ad308ae97ec0b1771673c4 | |
| parent | 9a6a36b44ad131036fef5c91edc86c842c9821ba (diff) | |
| download | systemd-a82cf4abc81722706b4466e65c1a05f997cf9fdc.tar.gz | |
bus-message: use structured initialization to avoid use of unitialized memory
As far as I can see, we would either reuse some values from a previously exited
container or just random bytes from the heap.
Should fix #10127.
(cherry picked from commit cf81c68e96aa29d0c28b5d3a26d1de9aa1b53b85)
Resolves: #1696224
| -rw-r--r-- | src/libsystemd/sd-bus/bus-message.c | 59 |
1 files changed, 27 insertions, 32 deletions
diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c index 780c8c6185..7f87d018fb 100644 --- a/src/libsystemd/sd-bus/bus-message.c +++ b/src/libsystemd/sd-bus/bus-message.c @@ -1956,7 +1956,7 @@ _public_ int sd_bus_message_open_container( char type, const char *contents) { - struct bus_container *c, *w; + struct bus_container *c; uint32_t *array_size = NULL; _cleanup_free_ char *signature = NULL; size_t before, begin = 0; @@ -2001,17 +2001,14 @@ _public_ int sd_bus_message_open_container( return r; /* OK, let's fill it in */ - w = m->containers + m->n_containers++; - w->enclosing = type; - w->signature = TAKE_PTR(signature); - w->peeked_signature = NULL; - w->index = 0; - w->array_size = array_size; - w->before = before; - w->begin = begin; - w->n_offsets = w->offsets_allocated = 0; - w->offsets = NULL; - w->need_offsets = need_offsets; + m->containers[m->n_containers++] = (struct bus_container) { + .enclosing = type, + .signature = TAKE_PTR(signature), + .array_size = array_size, + .before = before, + .begin = begin, + .need_offsets = need_offsets, + }; return 0; } @@ -3980,10 +3977,10 @@ static int bus_message_enter_dict_entry( _public_ int sd_bus_message_enter_container(sd_bus_message *m, char type, const char *contents) { - struct bus_container *c, *w; + struct bus_container *c; uint32_t *array_size = NULL; _cleanup_free_ char *signature = NULL; - size_t before; + size_t before, end; _cleanup_free_ size_t *offsets = NULL; size_t n_offsets = 0, item_size = 0; int r; @@ -4062,28 +4059,26 @@ _public_ int sd_bus_message_enter_container(sd_bus_message *m, return r; /* OK, let's fill it in */ - w = m->containers + m->n_containers++; - w->enclosing = type; - w->signature = TAKE_PTR(signature); - w->peeked_signature = NULL; - w->index = 0; - - w->before = before; - w->begin = m->rindex; - - /* Unary type has fixed size of 1, but virtual size of 0 */ if (BUS_MESSAGE_IS_GVARIANT(m) && type == SD_BUS_TYPE_STRUCT && isempty(signature)) - w->end = m->rindex + 0; + end = m->rindex + 0; else - w->end = m->rindex + c->item_size; - - w->array_size = array_size; - w->item_size = item_size; - w->offsets = TAKE_PTR(offsets); - w->n_offsets = n_offsets; - w->offset_index = 0; + end = m->rindex + c->item_size; + + m->containers[m->n_containers++] = (struct bus_container) { + .enclosing = type, + .signature = TAKE_PTR(signature), + + .before = before, + .begin = m->rindex, + /* Unary type has fixed size of 1, but virtual size of 0 */ + .end = end, + .array_size = array_size, + .item_size = item_size, + .offsets = TAKE_PTR(offsets), + .n_offsets = n_offsets, + }; return 1; } |