Skip to content

Commit

Permalink
dbus/socket: protect against no-op arithmetic on NULL pointers
Browse files Browse the repository at this point in the history
The socket layer assumes that computing `NULL + 0` produces `NULL`.
Unfortunately, this is UB. Protect against this pointer arithmetic and
ensure we correctly skip empty IOVs when consuming socket buffers.

Reported-by: Frantisek Sumsal <[email protected]>
Signed-off-by: David Rheinsberg <[email protected]>
  • Loading branch information
dvdhrm committed Jul 30, 2024
1 parent ff70f7d commit 338f63b
Showing 1 changed file with 7 additions and 3 deletions.
10 changes: 7 additions & 3 deletions src/dbus/socket.c
Original file line number Diff line number Diff line change
Expand Up @@ -173,9 +173,13 @@ static bool socket_buffer_consume(SocketBuffer *buffer, size_t n) {

for ( ; !socket_buffer_is_consumed(buffer); ++buffer->writer) {
t = c_min(buffer->writer->iov_len, n);
buffer->writer->iov_len -= t;
buffer->writer->iov_base += t;
n -= t;
// IOVs can be empty/NULL. Ensure we do not calculate
// `NULL + 0`, as this is, unfortunately, UB.
if (t) {
buffer->writer->iov_len -= t;
buffer->writer->iov_base += t;
n -= t;
}
if (buffer->writer->iov_len)
break;
}
Expand Down

0 comments on commit 338f63b

Please sign in to comment.