Protect against giving invalid pointers to writev

author Mikko Rasa <tdb@tdb.fi>

Sun, 19 Dec 2010 08:45:05 +0000 (08:45 +0000)

committer Mikko Rasa <tdb@tdb.fi>

Sun, 19 Dec 2010 08:45:05 +0000 (08:45 +0000)
author Mikko Rasa <tdb@tdb.fi>
Sun, 19 Dec 2010 08:45:05 +0000 (08:45 +0000)
committer Mikko Rasa <tdb@tdb.fi>
Sun, 19 Dec 2010 08:45:05 +0000 (08:45 +0000)
diff --git a/source/glprint.c b/source/glprint.c

index e90c0e3d6eb6445ce88de453e88b615b6aba14c4..6f645a7175bf6cd6daa746973267190f55dd7622 100644 (file)
--- a/source/glprint.c
+++ b/source/glprint.c
@@ -14,6 +14,8 @@ Distributed under the GPL
  #include "glprint.h"
  #include "tmpalloc.h"
  
+#define UNUSED __attribute__((unused))
+
  typedef struct sGlPrintData
  {
         char *buffer;
@@ -121,6 +123,12 @@ static const char *print_data(const void *data, unsigned size)
  {
         if(!data)
                 return "NULL";
+       else if((unsigned long)data<0x100000)
+       {
+               char *buffer = tmpalloc(20);
+               snprintf(buffer, 20, "%p", data);
+               return buffer;
+       }
         else if(!size)
                 return "/* data */";
         else
@@ -139,7 +147,7 @@ static void print_gldError(void *user_data, GLenum code)
         snprintf(gpd->buffer, gpd->bufsize, "ERROR: %s", describe_enum(code, "ErrorCode"));
  }
  
-static void print_unhandled(void *user_data, unsigned short func)
+static void print_unhandled(void *user_data, unsigned short func UNUSED)
  {
         GlPrintData *gpd = (GlPrintData *)user_data;
         gpd->buffer[0] = 0;
diff --git a/source/packet.c b/source/packet.c

index d31a631d26417db3ee5e6cd3148dc7a005f8b50a..e78b095b512e0850eeaa2dba911db157f3bfa83d 100644 (file)
--- a/source/packet.c
+++ b/source/packet.c
@@ -193,7 +193,14 @@ void packet_write_pointer(GlPacket *pkt, const void *p)
  
  void packet_write_data(GlPacket *pkt, const void *data, unsigned size)
  {
-       if(data)
+       if(!data)
+               packet_write_int(pkt, 0);
+       else if((unsigned long)data<0x100000)
+       {
+               packet_write_int(pkt, ~0);
+               packet_write_pointer(pkt, data);
+       }
+       else
         {
                 GlOutPacket *out = &pkt->out;
  
@@ -205,8 +212,6 @@ void packet_write_data(GlPacket *pkt, const void *data, unsigned size)
                 ++out->vec;
                 out->vec->iov_base = out->ptr;
         }
-       else
-               packet_write_int(pkt, 0);
  }
  
  void packet_write_string(GlPacket *pkt, const char *s)
@@ -408,13 +413,17 @@ void packet_read_data(GlPacket *pkt, const void **v)
         int vlen;
  
         packet_read_int(pkt, &vlen);
-       if(vlen)
+       if(vlen==~0)
+               packet_read_pointer(pkt, v);
+       else if(vlen)
+       {
                 *v = in->ptr;
+               in->ptr += vlen;
+               in->chunk -= vlen;
+               in->length -= vlen;
+       }
         else
                 *v = NULL;
-       in->ptr += vlen;
-       in->chunk -= vlen;
-       in->length -= vlen;
  }
  
  void packet_read_string(GlPacket *pkt, const char **v)
author	Mikko Rasa <tdb@tdb.fi>
	Sun, 19 Dec 2010 08:45:05 +0000 (08:45 +0000)
committer	Mikko Rasa <tdb@tdb.fi>
	Sun, 19 Dec 2010 08:45:05 +0000 (08:45 +0000)
source/glprint.c		patch \| blob \| history
source/packet.c		patch \| blob \| history