luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2024-09-19 16:56:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

gdbus: fix out-of-bound array access

Browse Source 
In path_rule_matches(), the given paths may be of 0-length. Do not
access memory before the array in those case. This is for example
triggered by:

test_match_rule (con, G_DBUS_SIGNAL_FLAGS_MATCH_ARG0_PATH, "/", "", FALSE);

in test_connection_signal_match_rules().

This bug was found thanks to GCC AddressSanitizer.

https://bugzilla.gnome.org/show_bug.cgi?id=745745
This commit is contained in:
Marc-André Lureau 2015-03-06 15:22:33 +01:00
parent 9bc3ae9207
commit 41acf970ac
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
gio/gdbusconnection.c
View File

@ -3703,10 +3703,10 @@ path_rule_matches (const gchar *path_a,
len_a = strlen (path_a);
len_b = strlen (path_b);
if (len_a < len_b && path_a[len_a - 1] != '/')
if (len_a < len_b && (len_a == 0 || path_a[len_a - 1] != '/'))
return FALSE;
if (len_b < len_a && path_b[len_b - 1] != '/')
if (len_b < len_a && (len_b == 0 || path_b[len_b - 1] != '/'))
return FALSE;
return memcmp (path_a, path_b, MIN (len_a, len_b)) == 0;