mirror of
https://github.com/systemd/systemd.git
synced 2025-01-11 09:18:07 +03:00
bus-message: fix calculation of offsets table for arrays
This is similar to the grandparent commit 'fix calculation of offsets table', except that now the change is for array elements. Same story as before: we need to make sure that the offsets increase enough taking alignment into account. While at it, rename 'p' to 'previous' to match similar code in other places.
This commit is contained in:
parent
4d82a8d505
commit
f88214cf9d
@ -3507,7 +3507,7 @@ static int bus_message_enter_array(
|
||||
|
||||
size_t rindex;
|
||||
void *q;
|
||||
int r, alignment;
|
||||
int r;
|
||||
|
||||
assert(m);
|
||||
assert(c);
|
||||
@ -3533,6 +3533,7 @@ static int bus_message_enter_array(
|
||||
|
||||
if (!BUS_MESSAGE_IS_GVARIANT(m)) {
|
||||
/* dbus1 */
|
||||
int alignment;
|
||||
|
||||
r = message_peek_body(m, &rindex, 4, 4, &q);
|
||||
if (r < 0)
|
||||
@ -3566,7 +3567,8 @@ static int bus_message_enter_array(
|
||||
*n_offsets = 0;
|
||||
|
||||
} else {
|
||||
size_t where, p = 0, framing, sz;
|
||||
size_t where, previous = 0, framing, sz;
|
||||
int alignment;
|
||||
unsigned i;
|
||||
|
||||
/* gvariant: variable length array */
|
||||
@ -3594,17 +3596,22 @@ static int bus_message_enter_array(
|
||||
if (!*offsets)
|
||||
return -ENOMEM;
|
||||
|
||||
alignment = bus_gvariant_get_alignment(c->signature);
|
||||
assert(alignment > 0);
|
||||
|
||||
for (i = 0; i < *n_offsets; i++) {
|
||||
size_t x;
|
||||
size_t x, start;
|
||||
|
||||
start = ALIGN_TO(previous, alignment);
|
||||
|
||||
x = bus_gvariant_read_word_le((uint8_t*) q + i * sz, sz);
|
||||
if (x > c->item_size - sz)
|
||||
return -EBADMSG;
|
||||
if (x < p)
|
||||
if (x < start)
|
||||
return -EBADMSG;
|
||||
|
||||
(*offsets)[i] = rindex + x;
|
||||
p = x;
|
||||
previous = x;
|
||||
}
|
||||
|
||||
*item_size = (*offsets)[0] - rindex;
|
||||
|
Binary file not shown.
Loading…
Reference in New Issue
Block a user