[SCM] Samba Shared Repository - branch master updated
Ralph Böhme
slow at samba.org
Mon Jan 4 10:51:01 UTC 2021
The branch, master has been updated
via 3e96c95d41e lib: Avoid declaring zero-length VLAs in various messaging functions
from 54963d246ea Happy New Year 2021!
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 3e96c95d41e4ccd0bf43b3ee78af644e2bc32e30
Author: Dimitry Andric <dimitry at andric.com>
Date: Fri Jan 1 18:25:48 2021 +0100
lib: Avoid declaring zero-length VLAs in various messaging functions
In messaging_rec_create(), messaging_recv_cb() and
messaging_dispatch_rec(), variable length arrays of file descriptors are
declared using an incoming num_fds parameter.
However, there are several scenarios where num_fds can be zero, and
declaring a zero-length VLA is undefined behavior. This can lead to
segmentation faults and/or other crashes when compiling with recent
versions of clang at high optimization levels.
To avoid ever using zero as the length for these declarations, use
MAX(1, length) instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14605
Signed-off-by: Dimitry Andric <dimitry at andric.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Jan 4 10:50:07 UTC 2021 on sn-devel-184
-----------------------------------------------------------------------
Summary of changes:
source3/lib/messages.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/lib/messages.c b/source3/lib/messages.c
index b63e277115f..b63652ca1a5 100644
--- a/source3/lib/messages.c
+++ b/source3/lib/messages.c
@@ -157,7 +157,7 @@ struct messaging_rec *messaging_rec_create(
{
struct messaging_rec rec;
- int64_t fds64[num_fds];
+ int64_t fds64[MAX(1, num_fds)];
size_t i;
for (i=0; i<num_fds; i++) {
@@ -391,7 +391,7 @@ static void messaging_recv_cb(struct tevent_context *ev,
private_data, struct messaging_context);
struct server_id_buf idbuf;
struct messaging_rec rec;
- int64_t fds64[MIN(num_fds, INT8_MAX)];
+ int64_t fds64[MAX(1, MIN(num_fds, INT8_MAX))];
size_t i;
if (msg_len < MESSAGE_HDR_LENGTH) {
@@ -1372,7 +1372,7 @@ static void messaging_dispatch_rec(struct messaging_context *msg_ctx,
if (ev != msg_ctx->event_ctx) {
struct iovec iov;
- int fds[rec->num_fds];
+ int fds[MAX(1, rec->num_fds)];
int ret;
/*
--
Samba Shared Repository
More information about the samba-cvs
mailing list