[PATCH 1/3] fix code generation for emit_size_read() to check for buffer overflow

Aleksander Morgado aleksander at aleksander.es
Tue Oct 7 04:41:44 PDT 2014


On Tue, Oct 7, 2014 at 12:34 PM, Aleksander Morgado
<aleksander at aleksander.es> wrote:
> emit_size_read() is only used during validate(), and therefore we can
> safely add code to return FALSE (indicating message invalid) at any
> point. So, instead of going on with the parsing, if we detect that
> we don't have enough bytes in the buffer to read the string/array
> size-variable, we can just g_warning() and return an error.
>
> See attached patch; what do you think?

Forget about the previous patch; this one looks better.

Plus, I added a unit test to reproduce the issue. git master segfaults
on the unit test, as it tries to read a guint16 from a buffer of 0
bytes; while with the patch on we just get a warning and fully ignore
the invalid TLV.

-- 
Aleksander
https://aleksander.es
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-v2-qmi-codegen-ensure-enough-buffer-available-to-read-s.patch
Type: text/x-patch
Size: 7128 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/libqmi-devel/attachments/20141007/c686427c/attachment.bin>
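The check the message describes, as an added C example that is neither the attached patch nor libqmi's generated code; the 16-bit little-endian size prefix layout, the function names and the sample buffers are assumptions made for the illustration:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model (not libqmi's generated code): a string/array field is a
 * 16-bit little-endian size followed by that many bytes; validate() walks the
 * TLV value `buf` of `len` bytes and must never read past it. */

/* Before the fix: the raw read, with no check that two bytes remain.  Called
 * with len == offset (e.g. a 0-byte buffer) it reads past the buffer. */
static uint16_t size_read_raw(const uint8_t *buf, size_t offset)
{
    return (uint16_t)(buf[offset] | (buf[offset + 1] << 8));
}

/* After the fix: read the size only if enough bytes are left, otherwise warn
 * and report failure so validate() rejects the TLV instead of crashing. */
static bool size_read_checked(const uint8_t *buf, size_t len, size_t offset,
                              uint16_t *size_out)
{
    size_t remaining = (offset <= len) ? len - offset : 0;
    if (remaining < sizeof(uint16_t)) {
        fprintf(stderr, "warning: need 2 bytes for size, %zu left\n", remaining);
        return false;
    }
    *size_out = size_read_raw(buf, offset);
    return true;
}

/* validate(): true only when the size field fits and the payload it announces
 * also fits in what is left of the buffer. */
static bool validate_sized_field(const uint8_t *buf, size_t len, size_t offset)
{
    uint16_t size;
    if (!size_read_checked(buf, len, offset, &size))
        return false;
    if (size > len - offset - sizeof(uint16_t)) {
        fprintf(stderr, "warning: field claims %u bytes, %zu left\n",
                (unsigned)size, len - offset - sizeof(uint16_t));
        return false;
    }
    return true;
}

/* Constructed inputs: a well-formed field; an empty TLV value (the git master
 * crash, pass len 0); and a size that overruns the buffer. */
static const uint8_t sample_ok[]      = {0x03, 0x00, 'a', 'b', 'c'};
static const uint8_t sample_empty[1]  = {0x00};
static const uint8_t sample_overrun[] = {0x05, 0x00, 'a'};
```

The empty-buffer case is the one the message reports as a segfault on git master: the checked reader rejects it with a warning instead of touching memory past the buffer.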