From e7d4e2a75e75ff1a152912f0c19fb72ed63e81bc Mon Sep 17 00:00:00 2001
From: Mikko Rasa
Date: Sun, 19 Dec 2010 08:45:05 +0000
Subject: [PATCH] Protect against giving invalid pointers to writev Print raw values of small data pointers
---
 source/glprint.c | 10 +++++++++-
 source/packet.c | 23 ++++++++++++++++-------
 2 files changed, 25 insertions(+), 8 deletions(-)

diff --git a/source/glprint.c b/source/glprint.c
index e90c0e3..6f645a7 100644
--- a/source/glprint.c
+++ b/source/glprint.c
@@ -14,6 +14,8 @@ Distributed under the GPL
 #include "glprint.h"
 #include "tmpalloc.h"
 
+#define UNUSED __attribute__((unused))
+
 typedef struct sGlPrintData
 {
 char *buffer;
@@ -121,6 +123,12 @@ static const char *print_data(const void *data, unsigned size)
 {
 if(!data)
 return "NULL";
+ else if((unsigned long)data<0x100000)
+ {
+ char *buffer = tmpalloc(20);
+ snprintf(buffer, 20, "%p", data);
+ return buffer;
+ }
 else if(!size)
 return "/* data */";
 else
@@ -139,7 +147,7 @@ static void print_gldError(void *user_data, GLenum code)
 snprintf(gpd->buffer, gpd->bufsize, "ERROR: %s", describe_enum(code, "ErrorCode"));
 }
 
-static void print_unhandled(void *user_data, unsigned short func)
+static void print_unhandled(void *user_data, unsigned short func UNUSED)
 {
 GlPrintData *gpd = (GlPrintData *)user_data;
 gpd->buffer[0] = 0;
diff --git a/source/packet.c b/source/packet.c
index d31a631..e78b095 100644
--- a/source/packet.c
+++ b/source/packet.c
@@ -193,7 +193,14 @@ void packet_write_pointer(GlPacket *pkt, const void *p)
 
 void packet_write_data(GlPacket *pkt, const void *data, unsigned size)
 {
- if(data)
+ if(!data)
+ packet_write_int(pkt, 0);
+ else if((unsigned long)data<0x100000)
+ {
+ packet_write_int(pkt, ~0);
+ packet_write_pointer(pkt, data);
+ }
+ else
 {
 GlOutPacket *out = &pkt->out;
 
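Review bot: In print_data in source/glprint.c the small-pointer test `(unsigned long)data<0x100000` is a bare magic number, and the same expression is written out again in packet_write_data in source/packet.c, so the printer and the packet writer can drift apart if only one is edited. `unsigned long` is not guaranteed to be pointer-sized (it is 32 bits on LLP64 targets), which would truncate the address before the comparison; `(uintptr_t)data` from `<stdint.h>` avoids that. I would put the test in one helper or macro in a header both files include, with a comment saying why addresses below 0x100000 are treated as values and not as readable memory. The result of `tmpalloc(20)` is passed to snprintf unchecked; whether tmpalloc can return NULL is not visible from the hunk. print_data's body continues past the end of the hunk.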
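Review bot: The length field written by packet_write_data in source/packet.c now has a third meaning, `~0` for "a raw pointer value follows", but the marker is a bare literal here and again in packet_read_data's `vlen==~0`. A named constant shared by both functions, plus a short comment on packet_write_data listing the three encodings (0 for NULL, the marker followed by a pointer, otherwise a byte count followed by the data), would keep writer and reader in step. The branch that writes a real length lies between this hunk and the next and is not shown; if it passes `size` through packet_write_int, a size of 0xFFFFFFFF would be indistinguishable from the marker, so that path would want an explicit rejection. The function body continues beyond the hunk.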
@@ -205,8 +212,6 @@ void packet_write_data(GlPacket *pkt, const void *data, unsigned size)
 ++out->vec;
 out->vec->iov_base = out->ptr;
 }
- else
- packet_write_int(pkt, 0);
 }
 
 void packet_write_string(GlPacket *pkt, const char *s)
@@ -408,13 +413,17 @@ void packet_read_data(GlPacket *pkt, const void **v)
 int vlen;
 
 packet_read_int(pkt, &vlen);
- if(vlen)
+ if(vlen==~0)
+ packet_read_pointer(pkt, v);
+ else if(vlen)
+ {
 *v = in->ptr;
+ in->ptr += vlen;
+ in->chunk -= vlen;
+ in->length -= vlen;
+ }
 else
 *v = NULL;
- in->ptr += vlen;
- in->chunk -= vlen;
- in->length -= vlen;
 }
 
 void packet_read_string(GlPacket *pkt, const char **v)
-- 
2.45.2
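Review bot: packet_read_data still trusts `vlen` as read from the stream: the new `else if(vlen)` branch advances `in->ptr` and shrinks `in->chunk` and `in->length` for any non-zero value, so a negative length other than `~0`, or one larger than the bytes left in the chunk, moves the read pointer outside the buffer. A guard such as `else if(vlen>0 && vlen<=in->chunk)` with an error path for everything else would close that; the types of the `in` fields are not visible here, so the comparison may need a cast. The `vlen==~0` branch hands whatever packet_read_pointer decodes straight to the caller. Since the writer only uses this form for addresses below 0x100000, the reader can enforce the same bound, e.g. `if((unsigned long)*v>=0x100000) *v = NULL;`, so that a corrupt or malformed stream cannot yield an arbitrary address that later code may dereference. The start of the function is outside the hunk.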