bug-hurd

[patch] null-pointer exception in hurd/libpipe/pq.c


From: Stefan Siegl
Subject: [patch] null-pointer exception in hurd/libpipe/pq.c
Date: Sat, 22 Jul 2006 18:11:04 +0200
User-agent: Mutt/1.5.9i

Hi,

pipe_send (from libpipe/pipe.c) calls packet_write with a NULL
pointer as the fourth argument (size_t *amount), if a control packet
is to be sent.  However, packet_write hasn't cared for the NULL
pointer but tried to pass the appended amount of bytes back there,
resulting in a crash of pflocal (which calls pipe_send in S_socket_send).

This patch checks whether amount is NULL and doesn't write the value
back in that case.

regards,
  stesie


2006-07-22  Stefan Siegl  <stesie@brokenpipe.de>

        * pq.c (packet_write): Only return appended amount of bytes via
        amount, if it is not a NULL pointer.

Index: pq.c
===================================================================
RCS file: /sources/hurd/hurd/libpipe/pq.c,v
retrieving revision 1.13
diff -u -4 -r1.13 pq.c
--- pq.c        24 Apr 2002 15:57:23 -0000      1.13
+++ pq.c        22 Jul 2006 15:26:02 -0000
@@ -328,9 +328,9 @@
   return 0;
 }
 
 /* Append the bytes in DATA, of length DATA_LEN, to what's already in PACKET,
-   and return the amount appended in AMOUNT.  */
+   and return the amount appended in AMOUNT (if not NULL).  */
 error_t
 packet_write (struct packet *packet,
              char *data, size_t data_len, size_t *amount)
 {
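
Review bot: the updated comment above packet_write says "(if not NULL)" without naming what may be NULL, and DATA is a pointer argument too. Spell it out, for example "and return the amount appended in AMOUNT, if AMOUNT is not NULL", so callers can tell from the comment alone that passing a NULL AMOUNT is permitted.
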
@@ -341,9 +341,11 @@
 
   /* Add the new data.  */
   bcopy (data, packet->buf_end, data_len);
   packet->buf_end += data_len;
-  *amount = data_len;
+
+  if(amount)
+    *amount = data_len;
 
   return 0;
 }
 
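
Review bot: "if(amount)" is missing the space before the parenthesis that the surrounding code uses ("bcopy (data, ...", "packet_write (struct packet ..."); write it as "if (amount)". The guard sits after the copy and the buf_end update, so a caller passing NULL still gets its data appended and only the write-back is skipped, which matches the intent stated in the comment.
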

-- 
Do not worry about your difficulties in mathematics;
I can assure you that mine are still greater.
                                  -- Albert Einstein



