[glib] gdbus: fix out-of-bound array access
- From: Marc-Andre Lureau <malureau src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib] gdbus: fix out-of-bound array access
- Date: Tue, 21 Apr 2015 20:55:30 +0000 (UTC)
commit 41acf970accd25c4446e8f28c0b817e332722c23
Author: Marc-André Lureau <marcandre lureau gmail com>
Date: Fri Mar 6 15:22:33 2015 +0100
gdbus: fix out-of-bound array access
In path_rule_matches(), the given paths may be of 0-length. Do not
access memory before the array in those case. This is for example
triggered by:
test_match_rule (con, G_DBUS_SIGNAL_FLAGS_MATCH_ARG0_PATH, "/", "", FALSE);
in test_connection_signal_match_rules().
This bug was found thanks to GCC AddressSanitizer.
https://bugzilla.gnome.org/show_bug.cgi?id=745745
gio/gdbusconnection.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/gio/gdbusconnection.c b/gio/gdbusconnection.c
index 9ebf6d2..4465562 100644
--- a/gio/gdbusconnection.c
+++ b/gio/gdbusconnection.c
@@ -3703,10 +3703,10 @@ path_rule_matches (const gchar *path_a,
len_a = strlen (path_a);
len_b = strlen (path_b);
- if (len_a < len_b && path_a[len_a - 1] != '/')
+ if (len_a < len_b && (len_a == 0 || path_a[len_a - 1] != '/'))
return FALSE;
- if (len_b < len_a && path_b[len_b - 1] != '/')
+ if (len_b < len_a && (len_b == 0 || path_b[len_b - 1] != '/'))
return FALSE;
return memcmp (path_a, path_b, MIN (len_a, len_b)) == 0;
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]