Return-Path: Delivered-To: apmail-commons-commits-archive@minotaur.apache.org Received: (qmail 51551 invoked from network); 30 Jul 2009 06:36:25 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 30 Jul 2009 06:36:25 -0000 Received: (qmail 62800 invoked by uid 500); 30 Jul 2009 06:36:26 -0000 Delivered-To: apmail-commons-commits-archive@commons.apache.org Received: (qmail 62705 invoked by uid 500); 30 Jul 2009 06:36:25 -0000 Mailing-List: contact commits-help@commons.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@commons.apache.org Delivered-To: mailing list commits@commons.apache.org Received: (qmail 62696 invoked by uid 99); 30 Jul 2009 06:36:25 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 30 Jul 2009 06:36:25 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 30 Jul 2009 06:36:23 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id E62512388994; Thu, 30 Jul 2009 06:36:02 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r799183 - in /commons/sandbox/runtime/trunk/src/main/native: include/acr.h shared/db.c shared/memory.c shared/nbb.c shared/xdr.c Date: Thu, 30 Jul 2009 06:36:02 -0000 To: commits@commons.apache.org From: mturk@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20090730063602.E62512388994@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: mturk Date: Thu Jul 30 06:36:02 2009 New Revision: 799183 URL: http://svn.apache.org/viewvc?rev=799183&view=rev Log: Extend params checking Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr.h commons/sandbox/runtime/trunk/src/main/native/shared/db.c commons/sandbox/runtime/trunk/src/main/native/shared/memory.c commons/sandbox/runtime/trunk/src/main/native/shared/nbb.c commons/sandbox/runtime/trunk/src/main/native/shared/xdr.c Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr.h URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr.h?rev=799183&r1=799182&r2=799183&view=diff ============================================================================== --- commons/sandbox/runtime/trunk/src/main/native/include/acr.h (original) +++ commons/sandbox/runtime/trunk/src/main/native/include/acr.h Thu Jul 30 06:36:02 2009 @@ -247,6 +247,8 @@ #define ACR_SL_ALIGN(T, X) T X; long __align_##X #endif +#define ACR_SIZE_T_MAX ((acr_size_t)~0 - 8192) + /** * ACR_DECLARE_EXPORT is defined when building the ANNEX dynamic library, * so that all public symbols are exported. Modified: commons/sandbox/runtime/trunk/src/main/native/shared/db.c URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/shared/db.c?rev=799183&r1=799182&r2=799183&view=diff ============================================================================== --- commons/sandbox/runtime/trunk/src/main/native/shared/db.c (original) +++ commons/sandbox/runtime/trunk/src/main/native/shared/db.c Thu Jul 30 06:36:02 2009 @@ -114,7 +114,7 @@ void *mem; acr_size_t siz = (acr_size_t)ACR_ALIGN_DEFAULT(len); - if (len < 1) { + if (len < 1 || len > ACR_SIZE_T_MAX) { ACR_SET_OS_ERROR(ACR_EISNULL); return NULL; } Modified: commons/sandbox/runtime/trunk/src/main/native/shared/memory.c URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/shared/memory.c?rev=799183&r1=799182&r2=799183&view=diff ============================================================================== --- commons/sandbox/runtime/trunk/src/main/native/shared/memory.c (original) +++ commons/sandbox/runtime/trunk/src/main/native/shared/memory.c Thu Jul 30 06:36:02 2009 @@ -113,8 +113,17 @@ size = 1024; #endif } - else + else { + if (size > ACR_SIZE_T_MAX) { + /* We should fall lot before that. + */ + if (!IS_INVALID_HANDLE(_E)) + ACR_ThrowException(_E, file, line, ACR_EX_EINVAL, + ACR_EINVAL); + return NULL; + } size = ACR_ALIGN_DEFAULT(sbhs + size); + } if (!(base = ACR_Calloc(_E, file, line, size))) return NULL; sbh = (acr_sbh_t *)base; @@ -173,6 +182,14 @@ ACR_EISNULL); return NULL; } + if (size > ACR_SIZE_T_MAX) { + /* We should fail lot before that. + */ + if (!IS_INVALID_HANDLE(_E)) + ACR_ThrowException(_E, file, line, ACR_EX_EINVAL, + ACR_EINVAL); + return NULL; + } size = ACR_ALIGN_DEFAULT(size); if ((sbh->size - sbh->ppos) >= size) { @@ -262,7 +279,7 @@ acr_size_t ass = (acr_size_t)ACR_ALIGN_DEFAULT(siz); UNREFERENCED_O; - if (siz < 1L) { + if (siz < 1L || siz > ACR_SIZE_T_MAX) { ACR_ThrowException(_E, THROW_NMARK, ACR_EX_EINVAL, 0); return NULL; } @@ -284,7 +301,7 @@ acr_size_t ass = (acr_size_t)ACR_ALIGN_DEFAULT(siz); UNREFERENCED_O; - if (siz < 1L) { + if (siz < 1L || siz > ACR_SIZE_T_MAX) { ACR_ThrowException(_E, THROW_NMARK, ACR_EX_EINVAL, 0); return NULL; } @@ -303,19 +320,24 @@ jobject src, jlong siz) { - acr_pointer_cleanup_fn_t *cb; + acr_pointer_cleanup_fn_t *cb; void *np; size_t ss = (size_t)siz; void *op = ACR_PointerGet(_E, src, NULL); UNREFERENCED_O; - cb = ACR_PointerCallbackGet(_E, src); - if (cb != memory_pointer_cleanup) { - /* Trying to realloc on something we didn't alloc first. - */ + + if (siz < 1L || siz > ACR_SIZE_T_MAX) { + ACR_ThrowException(_E, THROW_NMARK, ACR_EX_EINVAL, 0); + return; + } + cb = ACR_PointerCallbackGet(_E, src); + if (cb != memory_pointer_cleanup) { + /* Trying to realloc on something we didn't alloc first. + */ ACR_ThrowException(_E, THROW_NMARK, ACR_EX_ERUNTIME, ACR_EFAULT); - return; - } + return; + } np = ACR_Realloc(_E, THROW_NMARK, op, ss); if (!np) { return; Modified: commons/sandbox/runtime/trunk/src/main/native/shared/nbb.c URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/shared/nbb.c?rev=799183&r1=799182&r2=799183&view=diff ============================================================================== --- commons/sandbox/runtime/trunk/src/main/native/shared/nbb.c (original) +++ commons/sandbox/runtime/trunk/src/main/native/shared/nbb.c Thu Jul 30 06:36:02 2009 @@ -38,7 +38,7 @@ UNREFERENCED_O; - if (size < 1) { + if (size < 1L || size > ACR_SIZE_T_MAX) { ACR_ThrowException(_E, THROW_FMARK, ACR_EX_EINVAL, ACR_EINVALSIZ); return NULL; @@ -64,7 +64,7 @@ UNREFERENCED_O; - if (size < 1) { + if (size < 1L || size > ACR_SIZE_T_MAX) { ACR_ThrowException(_E, THROW_FMARK, ACR_EX_EINVAL, ACR_EINVALSIZ); return NULL; Modified: commons/sandbox/runtime/trunk/src/main/native/shared/xdr.c URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/shared/xdr.c?rev=799183&r1=799182&r2=799183&view=diff ============================================================================== --- commons/sandbox/runtime/trunk/src/main/native/shared/xdr.c (original) +++ commons/sandbox/runtime/trunk/src/main/native/shared/xdr.c Thu Jul 30 06:36:02 2009 @@ -44,6 +44,8 @@ { size_t size = ACR_ALIGN_DEFAULT(sizeof(acr_xdr_t)) + len; + if (len > ACR_SIZE_T_MAX) + return ACR_EINVAL; *xdr = (acr_xdr_t *)malloc(size); if (*xdr == NULL) return ACR_GET_OS_ERROR(); @@ -61,7 +63,7 @@ } ACR_DECLARE(int) ACR_XdrInitEx(acr_xdr_t **xdr, acr_byte_t *buf, size_t len, - int nbo) + int nbo) { *xdr = (acr_xdr_t *)buf;