diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-07-09 07:38:10 +0200 |
|---|---|---|
| committer | Sven Eden <sven.eden@prydeworx.com> | 2018-10-29 10:18:27 +0100 |
| commit | 8ebd981ea1f4a48a5f0248939b75e3f1699d6e63 (patch) | |
| tree | 4226e583a53c7c5430406c03bb689fa82d94bc62 /src/libelogind | |
| parent | 081232081ccb96d2361834625caba4d3d2341437 (diff) | |
bus-message: use structured initialization to avoid use of unitialized memory
As far as I can see, we would either reuse some values from a previously exited
container or just random bytes from the heap.
Should fix #10127.
(cherry picked from commit cf81c68e96aa29d0c28b5d3a26d1de9aa1b53b85)
Diffstat (limited to 'src/libelogind')
| -rw-r--r-- | src/libelogind/sd-bus/bus-message.c | 58 |
1 files changed, 27 insertions, 31 deletions
diff --git a/src/libelogind/sd-bus/bus-message.c b/src/libelogind/sd-bus/bus-message.c index 0d21be0ae..0729e22ce 100644 --- a/src/libelogind/sd-bus/bus-message.c +++ b/src/libelogind/sd-bus/bus-message.c @@ -1949,7 +1949,7 @@ _public_ int sd_bus_message_open_container( char type, const char *contents) { - struct bus_container *c, *w; + struct bus_container *c; uint32_t *array_size = NULL; _cleanup_free_ char *signature = NULL; size_t before, begin = 0; @@ -1994,16 +1994,14 @@ _public_ int sd_bus_message_open_container( return r; /* OK, let's fill it in */ - w = m->containers + m->n_containers++; - w->enclosing = type; - w->signature = TAKE_PTR(signature); - w->index = 0; - w->array_size = array_size; - w->before = before; - w->begin = begin; - w->n_offsets = w->offsets_allocated = 0; - w->offsets = NULL; - w->need_offsets = need_offsets; + m->containers[m->n_containers++] = (struct bus_container) { + .enclosing = type, + .signature = TAKE_PTR(signature), + .array_size = array_size, + .before = before, + .begin = begin, + .need_offsets = need_offsets, + }; return 0; } @@ -3966,10 +3964,10 @@ static int bus_message_enter_dict_entry( _public_ int sd_bus_message_enter_container(sd_bus_message *m, char type, const char *contents) { - struct bus_container *c, *w; + struct bus_container *c; uint32_t *array_size = NULL; _cleanup_free_ char *signature = NULL; - size_t before; + size_t before, end; _cleanup_free_ size_t *offsets = NULL; size_t n_offsets = 0, item_size = 0; int r; @@ -4048,28 +4046,26 @@ _public_ int sd_bus_message_enter_container(sd_bus_message *m, return r; /* OK, let's fill it in */ - w = m->containers + m->n_containers++; - w->enclosing = type; - w->signature = TAKE_PTR(signature); - w->peeked_signature = NULL; - w->index = 0; - - w->before = before; - w->begin = m->rindex; - - /* Unary type has fixed size of 1, but virtual size of 0 */ if (BUS_MESSAGE_IS_GVARIANT(m) && type == SD_BUS_TYPE_STRUCT && isempty(signature)) - w->end = m->rindex + 0; + end = m->rindex + 0; else - w->end = m->rindex + c->item_size; - - w->array_size = array_size; - w->item_size = item_size; - w->offsets = TAKE_PTR(offsets); - w->n_offsets = n_offsets; - w->offset_index = 0; + end = m->rindex + c->item_size; + + m->containers[m->n_containers++] = (struct bus_container) { + .enclosing = type, + .signature = TAKE_PTR(signature), + + .before = before, + .begin = m->rindex, + /* Unary type has fixed size of 1, but virtual size of 0 */ + .end = end, + .array_size = array_size, + .item_size = item_size, + .offsets = TAKE_PTR(offsets), + .n_offsets = n_offsets, + }; return 1; } |