[PATCH 2/3] assert input buffer size for qmi_utils_write_(fixed_size)?string_to_buffer()

Thomas Haller thaller at redhat.com
Mon Oct 6 06:15:33 PDT 2014


Signed-off-by: Thomas Haller <thaller at redhat.com>
---
 src/libqmi-glib/qmi-utils.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/src/libqmi-glib/qmi-utils.c b/src/libqmi-glib/qmi-utils.c
index f85970d..3875a0b 100644
--- a/src/libqmi-glib/qmi-utils.c
+++ b/src/libqmi-glib/qmi-utils.c
@@ -956,7 +956,7 @@ qmi_utils_write_string_to_buffer (guint8      **buffer,
                                   guint8        length_prefix_size,
                                   const gchar  *in)
 {
-    guint16 len;
+    gsize len;
     guint8 len_8;
     guint16 len_16;
 
@@ -967,20 +967,26 @@ qmi_utils_write_string_to_buffer (guint8      **buffer,
               length_prefix_size == 8 ||
               length_prefix_size == 16);
 
-    len = (guint16) strlen (in);
+    len = strlen (in);
+
+    g_assert (   len + (length_prefix_size/8) <= *buffer_size
+              || (length_prefix_size==8 && ((int) G_MAXUINT8 + 1) < *buffer_size));
 
     switch (length_prefix_size) {
     case 0:
         break;
     case 8:
-        g_warn_if_fail (len <= G_MAXUINT8);
+        if (len > G_MAXUINT8) {
+            g_warn_if_reached ();
+            len = G_MAXUINT8;
+        }
         len_8 = (guint8)len;
         qmi_utils_write_guint8_to_buffer (buffer,
                                           buffer_size,
                                           &len_8);
         break;
     case 16:
-        g_warn_if_fail (len <= G_MAXUINT16);
+        /* already asserted that @len is no larger then @buffer_size */
         len_16 = (guint16)len;
         qmi_utils_write_guint16_to_buffer (buffer,
                                            buffer_size,
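Review bot: The second disjunct of the new assertion near the top of the hunk is off by one for the path it is meant to cover: after the 8-bit clamp the write needs 1 + G_MAXUINT8 = 256 bytes, so `((int) G_MAXUINT8 + 1) <= *buffer_size` is the bound that matches the code below, while the strict `<` rejects a buffer of exactly 256 bytes that would be filled correctly. More important for the purpose of the fix, `g_assert` compiles to nothing under `G_DISABLE_ASSERT`, so in such a build an oversized `in` still overruns `*buffer`; since `in` comes from callers rather than from the wire this is a developer-error guard, but if the bound is meant to hold in every build an explicit `if (len + (length_prefix_size/8) > *buffer_size) { g_warn_if_reached (); return; }` (or `g_return_if_fail`) survives release builds where the assert does not. The 16-bit case now drops the `g_warn_if_fail (len <= G_MAXUINT16)` and casts `len` to `guint16` on the strength of the assertion alone; that is only sound if `*buffer_size` itself cannot exceed G_MAXUINT16, and its declaration is outside the hunk, so if `buffer_size` is wider than `guint16` the removed warning should stay (the new comment also reads "no larger then" for "than"). The body of qmi_utils_write_string_to_buffer continues past the end of the hunk.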
@@ -1021,6 +1027,7 @@ qmi_utils_write_fixed_size_string_to_buffer (guint8      **buffer,
     g_assert (buffer != NULL);
     g_assert (buffer_size != NULL);
     g_assert (fixed_size > 0);
+    g_assert (fixed_size <= *buffer_size);
 
     memcpy (*buffer, in, fixed_size);
     *buffer = &((*buffer)[fixed_size]);
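Review bot: The new assertion bounds only the destination, while the `memcpy` on the next line still reads `fixed_size` bytes from `in` unconditionally, so a caller passing a string shorter than `fixed_size` over-reads past its terminator into whatever follows it. If callers are not guaranteed to supply exactly `fixed_size` bytes, a matching `g_assert (strlen (in) >= fixed_size);` before the copy, or a zero-padded copy of `MIN (strlen (in), fixed_size)` bytes, would close the source side as well. Like the other preconditions in this function, `g_assert` disappears under `G_DISABLE_ASSERT`, so the added check does not protect builds configured that way; if that matters for a library that may be built by distributions, a check that is not compiled out would be the safer choice. The remaining lines of qmi_utils_write_fixed_size_string_to_buffer fall outside the hunk.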
-- 
1.9.3


