From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa.local.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham autolearn_force=no version=3.4.1 From: Aleksei Nikiforov To: devel@lists.altlinux.org Date: Tue, 10 Dec 2019 18:23:08 +0300 Message-Id: <20191210152343.33867-4-darktemplar@altlinux.org> X-Mailer: git-send-email 2.24.0 In-Reply-To: <20191210152343.33867-1-darktemplar@altlinux.org> References: <20191210152343.33867-1-darktemplar@altlinux.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Cc: Aleksei Nikiforov Subject: [devel] [PATCH for apt 03/38] Fix potential memory corruption in pkgCache::DepIterator::AllTargets() X-BeenThere: devel@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: ALT Linux Team development discussions List-Id: ALT Linux Team development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Dec 2019 15:24:45 -0000 Archived-At: List-Archive: List-Post: Use dynamic memory allocation instead of predefined buffer. Found via cppcheck --- apt/apt-pkg/pkgcache.cc | 45 ++++++++++++++++++++++++++--------------- 1 file changed, 29 insertions(+), 16 deletions(-) diff --git a/apt/apt-pkg/pkgcache.cc b/apt/apt-pkg/pkgcache.cc index dfdba6b..afefe3b 100644 --- a/apt/apt-pkg/pkgcache.cc +++ b/apt/apt-pkg/pkgcache.cc @@ -388,8 +388,10 @@ bool pkgCache::DepIterator::SmartTargetPkg(PkgIterator &Result) must be delete [] 'd */ pkgCache::Version **pkgCache::DepIterator::AllTargets() { - Version *Res[1024]; - unsigned int Size = 0; + Version **Res = nullptr; + size_t Size = 0; + + while (true) { PkgIterator DPkg = TargetPkg(); @@ -405,9 +407,9 @@ pkgCache::Version **pkgCache::DepIterator::AllTargets() continue; Version *v = I; - if (Res != 0 && Size > 0) { + if (Res != nullptr && Size > 0) { bool seen = false; - for (unsigned int j = 0; j < Size; ++j) { + for (size_t j = 0; j < Size; ++j) { Version *vj = Res[j]; if (v == vj) { seen = true; @@ -418,8 +420,10 @@ pkgCache::Version **pkgCache::DepIterator::AllTargets() continue; } - assert(Size < sizeof(Res)/sizeof(*Res)); - Res[Size++] = v; + if (Res != nullptr) { + Res[Size] = v; + } + Size++; } // Follow all provides @@ -434,9 +438,9 @@ pkgCache::Version **pkgCache::DepIterator::AllTargets() continue; Version *v = I.OwnerVer(); - if (Res != 0 && Size > 0) { + if (Res != nullptr && Size > 0) { bool seen = false; - for (unsigned int j = 0; j < Size; ++j) { + for (size_t j = 0; j < Size; ++j) { Version *vj = Res[j]; if (v == vj) { seen = true; @@ -447,16 +451,25 @@ pkgCache::Version **pkgCache::DepIterator::AllTargets() continue; } - assert(Size < sizeof(Res)/sizeof(*Res)); - Res[Size++] = v; + if (Res != nullptr) { + Res[Size] = v; + } + Size++; + } + + if (Res == 0) + { + Res = new Version *[Size+1]; + Size = 0; + } + else + { + Res[Size] = nullptr; + break; } } - - Version **Ret = new Version *[Size+1]; - if (Size) - memcpy(Ret, Res, Size*sizeof(*Res)); - Ret[Size] = 0; - return Ret; + + return Res; } /*}}}*/ // DepIterator::GlobOr - Compute an OR group /*{{{*/ -- 2.24.0