John (J5) Palmieri
johnp at redhat.com
Fri Apr 22 13:33:22 PDT 2005
On Fri, 2005-04-22 at 00:47 -0400, David Zeuthen wrote:
> On Wed, 2005-04-20 at 12:17 -0400, David Zeuthen wrote:
> > On Wed, 2005-04-20 at 12:16 -0400, David Zeuthen wrote:
> > > Hey,
> > >
> > > Can we go ahead and release 0.34? I need the fixes put in post 0.33 to
> > > just get hal running.
> > Bah, I meant 0.33 respectively 0.32.
> Hi, so Havoc wants 'make check' to pass before we do a release.
> So, 'make check' does pass with gcc32 (gcc version 3.2.3 20030502 (Red
> Hat Linux 3.2.3-47.fc4)), the only non-gcc4 compiler I have around, but
> I can't get it to work with gcc4 (gcc version 4.0.0 20050412 (Red Hat
> 4.0.0-0.42)). I've confirmed this for 0.30, 0.31, 0.32 and CVS.
> It's late, so maybe I'm missing something, but this is really creepy: In
> dbus-marshal-recursive-util.c we have this function
> static dbus_bool_t
> string_write_value (TestTypeNode   *node,
>                     DataBlock      *block,
>                     DBusTypeWriter *writer,
>                     int             seed)
> {
>   char buf[MAX_SAMPLE_STRING_LEN];
>   const char *v_string = buf;
>
>   string_from_seed (buf, node->klass->subclass_detail,
>                     seed);
>
>   _dbus_warn ("buf='%s' 0x%08x\n", buf, (void *) buf);
>   _dbus_warn ("v_string='%s' 0x%08x\n", v_string, (void *) v_string);
>
>   return _dbus_type_writer_write_basic (writer,
>                                         DBUS_TYPE_STRING,
>                                         &v_string);
> }
Ok, so this was not the problem, but it was faulty code.
string_from_seed does overwrite buf in cases where the initial size of
the string is 8 and the seed is 1. In that case 2 is added to the
length, making it 10, which is the size of the buffer. The buffer is
filled in from position 0 to 9, but a null character is added at position
10, which causes the overflow. The real problem is happening in
_dbus_validate_signature_with_reason in dbus-marshal-validate.c, where
for some reason the signature being passed in is a whitespace. Will
John (J5) Palmieri
Associate Software Engineer
Red Hat, Inc.
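As an added illustration of the off-by-one described above (example code written for this page, not code from dbus or from either poster): a reconstruction of the seed-dependent length adjustment next to a size-checked counterpart. The 10-byte buffer size, the `adjusted_len` helper, the `seed % 3 == 2` branch and the "keep it printable" wrap are assumptions made for the example; only the "+2 for seed 1, NUL written at position 10" behaviour comes from the mail.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: the mail does not quote MAX_SAMPLE_STRING_LEN, but its
 * arithmetic (positions 0..9 filled, NUL at 10) implies a 10-byte buffer. */
#define SAMPLE_BUF_LEN 10

/* Seed-dependent length tweak as the mail describes it for seed 1 (+2).
 * The seed % 3 == 2 branch is an assumption so the example also covers a
 * shortened input; it is not a claim about the dbus code. */
static int
adjusted_len (int len, int seed)
{
  switch (seed % 3)
    {
    case 1:  return len + 2;
    case 2:  return len - 2;
    default: return len;
    }
}

/* Bytes the unbounded writer touches: the characters plus the NUL. */
static int
bytes_written (int len, int seed)
{
  int n = adjusted_len (len, seed);
  return (n < 0 ? 0 : n) + 1;
}

/* 1 if filling a SAMPLE_BUF_LEN-byte buffer for (len, seed) runs past it. */
static int
would_overflow (int len, int seed)
{
  return bytes_written (len, seed) > SAMPLE_BUF_LEN;
}

/* The faulty pattern: trusts the adjusted length and stores the NUL at
 * buf[n] without comparing n to the buffer size. Only call it after
 * would_overflow() said no; for (8, 1) it would write buf[10]. */
static void
string_from_seed_unchecked (char *buf, int len, int seed)
{
  int n = adjusted_len (len, seed);
  unsigned char v = (unsigned char) ('A' + seed);
  int i;

  for (i = 0; i < n; i++)
    {
      if (v < 'A' || v > 'z')   /* assumed: keep the sample printable */
        v = 'A';
      buf[i] = (char) v++;
    }
  buf[i] = '\0';
}

/* Hardened variant: takes the real buffer size and clamps so the NUL
 * always fits. Returns the number of characters stored, excluding NUL. */
static int
string_from_seed_safe (char *buf, size_t bufsize, int len, int seed)
{
  int n = adjusted_len (len, seed);
  unsigned char v = (unsigned char) ('A' + seed);
  int i;

  if (bufsize == 0)
    return 0;
  if (n < 0)
    n = 0;
  if ((size_t) n > bufsize - 1)
    n = (int) (bufsize - 1);

  for (i = 0; i < n; i++)
    {
      if (v < 'A' || v > 'z')
        v = 'A';
      buf[i] = (char) v++;
    }
  buf[i] = '\0';
  return n;
}

/* Fills a local SAMPLE_BUF_LEN buffer safely; returns strlen() of it. */
static int
safe_fill_strlen (int len, int seed)
{
  char buf[SAMPLE_BUF_LEN];
  string_from_seed_safe (buf, sizeof buf, len, seed);
  return (int) strlen (buf);
}

int
main (void)
{
  const int lens[]  = { 6, 8, 8, 8 };   /* constructed sample inputs */
  const int seeds[] = { 1, 0, 1, 2 };
  char buf[SAMPLE_BUF_LEN];
  size_t k;

  for (k = 0; k < sizeof lens / sizeof lens[0]; k++)
    {
      int len = lens[k], seed = seeds[k];
      printf ("len=%d seed=%d -> needs %2d of %d bytes: %s\n", len, seed,
              bytes_written (len, seed), SAMPLE_BUF_LEN,
              would_overflow (len, seed) ? "OVERFLOW" : "ok");
      if (!would_overflow (len, seed))
        string_from_seed_unchecked (buf, len, seed);
      string_from_seed_safe (buf, sizeof buf, len, seed);
      printf ("  safe: '%s'\n", buf);
    }
  return 0;
}
```

The pre-check `would_overflow()` is the arithmetic from the mail made explicit: requested length, plus the seed adjustment, plus one for the terminator, compared against the buffer. The safe variant moves that comparison into the writer itself, which is the shape a fix should take, since callers of a `string_from_seed`-style helper cannot be expected to know the adjustment rule.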