|
Harald Hoyer |
fe20ad |
From 9656356ef09c12a3c0d73bf84b7c6704d37bea47 Mon Sep 17 00:00:00 2001
|
|
Harald Hoyer |
fe20ad |
From: Harald Hoyer <harald@redhat.com>
|
|
Harald Hoyer |
fe20ad |
Date: Mon, 19 Aug 2013 15:18:43 +0200
|
|
Harald Hoyer |
fe20ad |
Subject: [PATCH] libudev-enumerate.c:udev_enumerate_get_list_entry() fixed
|
|
Harald Hoyer |
fe20ad |
possible stale pointer
|
|
Harald Hoyer |
fe20ad |
|
|
Harald Hoyer |
fe20ad |
If a realloc() happens in syspath_add(), the move_later pointer could
|
|
Harald Hoyer |
fe20ad |
point to an invalid memory region.
|
|
Harald Hoyer |
fe20ad |
|
|
Harald Hoyer |
fe20ad |
Let move_later store the array index, instead of the pointer to the
|
|
Harald Hoyer |
fe20ad |
entry.
|
|
Harald Hoyer |
fe20ad |
---
|
|
Harald Hoyer |
fe20ad |
src/libudev/libudev-enumerate.c | 19 +++++++++++--------
|
|
Harald Hoyer |
fe20ad |
1 file changed, 11 insertions(+), 8 deletions(-)
|
|
Harald Hoyer |
fe20ad |
|
|
Harald Hoyer |
fe20ad |
diff --git a/src/libudev/libudev-enumerate.c b/src/libudev/libudev-enumerate.c
|
|
Harald Hoyer |
fe20ad |
index 5ccaabd..3e79107 100644
|
|
Harald Hoyer |
fe20ad |
--- a/src/libudev/libudev-enumerate.c
|
|
Harald Hoyer |
fe20ad |
+++ b/src/libudev/libudev-enumerate.c
|
|
Harald Hoyer |
fe20ad |
@@ -270,8 +270,9 @@ _public_ struct udev_list_entry *udev_enumerate_get_list_entry(struct udev_enume
|
|
Harald Hoyer |
fe20ad |
return NULL;
|
|
Harald Hoyer |
fe20ad |
if (!udev_enumerate->devices_uptodate) {
|
|
Harald Hoyer |
fe20ad |
unsigned int i;
|
|
Harald Hoyer |
fe20ad |
+ int move_later = -1;
|
|
Harald Hoyer |
fe20ad |
unsigned int max;
|
|
Harald Hoyer |
fe20ad |
- struct syspath *prev = NULL, *move_later = NULL;
|
|
Harald Hoyer |
fe20ad |
+ struct syspath *prev = NULL;
|
|
Harald Hoyer |
fe20ad |
size_t move_later_prefix = 0;
|
|
Harald Hoyer |
fe20ad |
|
|
Harald Hoyer |
fe20ad |
udev_list_cleanup(&udev_enumerate->devices_list);
|
|
Harald Hoyer |
fe20ad |
@@ -303,23 +304,25 @@ _public_ struct udev_list_entry *udev_enumerate_get_list_entry(struct udev_enume
|
|
Harald Hoyer |
fe20ad |
move_later_prefix = devices_delay_later(udev_enumerate->udev, entry->syspath);
|
|
Harald Hoyer |
fe20ad |
|
|
Harald Hoyer |
fe20ad |
if (move_later_prefix > 0) {
|
|
Harald Hoyer |
fe20ad |
- move_later = entry;
|
|
Harald Hoyer |
fe20ad |
+ move_later = i;
|
|
Harald Hoyer |
fe20ad |
continue;
|
|
Harald Hoyer |
fe20ad |
}
|
|
Harald Hoyer |
fe20ad |
}
|
|
Harald Hoyer |
fe20ad |
|
|
Harald Hoyer |
fe20ad |
- if (move_later &&
|
|
Harald Hoyer |
fe20ad |
- !strneq(entry->syspath, move_later->syspath, move_later_prefix)) {
|
|
Harald Hoyer |
fe20ad |
+ if ((move_later >= 0) &&
|
|
Harald Hoyer |
fe20ad |
+ !strneq(entry->syspath, udev_enumerate->devices[move_later].syspath, move_later_prefix)) {
|
|
Harald Hoyer |
fe20ad |
|
|
Harald Hoyer |
fe20ad |
- udev_list_entry_add(&udev_enumerate->devices_list, move_later->syspath, NULL);
|
|
Harald Hoyer |
fe20ad |
- move_later = NULL;
|
|
Harald Hoyer |
fe20ad |
+ udev_list_entry_add(&udev_enumerate->devices_list,
|
|
Harald Hoyer |
fe20ad |
+ udev_enumerate->devices[move_later].syspath, NULL);
|
|
Harald Hoyer |
fe20ad |
+ move_later = -1;
|
|
Harald Hoyer |
fe20ad |
}
|
|
Harald Hoyer |
fe20ad |
|
|
Harald Hoyer |
fe20ad |
udev_list_entry_add(&udev_enumerate->devices_list, entry->syspath, NULL);
|
|
Harald Hoyer |
fe20ad |
}
|
|
Harald Hoyer |
fe20ad |
|
|
Harald Hoyer |
fe20ad |
- if (move_later)
|
|
Harald Hoyer |
fe20ad |
- udev_list_entry_add(&udev_enumerate->devices_list, move_later->syspath, NULL);
|
|
Harald Hoyer |
fe20ad |
+ if (move_later >= 0)
|
|
Harald Hoyer |
fe20ad |
+ udev_list_entry_add(&udev_enumerate->devices_list,
|
|
Harald Hoyer |
fe20ad |
+ udev_enumerate->devices[move_later].syspath, NULL);
|
|
Harald Hoyer |
fe20ad |
|
|
Harald Hoyer |
fe20ad |
/* add and cleanup delayed devices from end of list */
|
|
Harald Hoyer |
fe20ad |
for (i = max; i < udev_enumerate->devices_cur; i++) {
|