[dconf] dconf update: don't access before start of string

From: Ryan Lortie <ryanl src gnome org>
To: commits-list gnome org
Cc:
Subject: [dconf] dconf update: don't access before start of string
Date: Tue, 1 Nov 2011 13:49:36 +0000 (UTC)

commit 094151937b8f4b22a9a1347d3c875c4ce8841db2
Author: Ryan Lortie <desrt desrt ca>
Date:   Mon Oct 31 19:08:41 2011 -0400

    dconf update: don't access before start of string
    
    Fix a crash caused by attempting to dereference index -1 of a string.
    
    This is very obviously a bug, but has only become a problem on OpenBSD
    where the allocator will apparently hand out addresses at the very start
    of a page with invalid memory immediately before.
    
    Problem caught by Antoine Jacoutot.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=662271

 bin/dconf-update.vala |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)
---
diff --git a/bin/dconf-update.vala b/bin/dconf-update.vala
index 5835999..0fd64d4 100644
--- a/bin/dconf-update.vala
+++ b/bin/dconf-update.vala
@@ -24,12 +24,14 @@ unowned Gvdb.Item get_parent (Gvdb.HashTable table, string name) {
 
 	int end = 0;
 
-	for (int i = 0; name[i] != '\0'; i++) {
+	for (int i = 1; name[i] != '\0'; i++) {
 		if (name[i - 1] == '/') {
 			end = i;
 		}
 	}
 
+	assert (end != 0);
+
 	var parent_name = name.substring (0, end);
 	parent = table.lookup (parent_name);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]