projects
/
babeltrace.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix: add stricter checks on packet boundaries
[babeltrace.git]
/
formats
/
ctf
/
types
/
float.c
diff --git
a/formats/ctf/types/float.c
b/formats/ctf/types/float.c
index 2e0bd5ce57ea78b42994e13b4ddf05e19bc79ae5..afe5e8d2cf2ef9d66a1cce2df2727bea70a4ba34 100644
(file)
--- a/
formats/ctf/types/float.c
+++ b/
formats/ctf/types/float.c
@@
-197,11
+197,14
@@
int ctf_float_read(struct bt_stream_pos *ppos, struct bt_definition *definition)
}
tmpfloat = container_of(tmpdef, struct definition_float, p);
memset(&destp, 0, sizeof(destp));
}
tmpfloat = container_of(tmpdef, struct definition_float, p);
memset(&destp, 0, sizeof(destp));
- ctf_init_pos(&destp, -1, O_RDWR);
+ ctf_init_pos(&destp,
NULL,
-1, O_RDWR);
mmap_align_set_addr(&mma, (char *) u.bits);
destp.base_mma = &mma;
destp.packet_size = sizeof(u) * CHAR_BIT;
mmap_align_set_addr(&mma, (char *) u.bits);
destp.base_mma = &mma;
destp.packet_size = sizeof(u) * CHAR_BIT;
- ctf_align_pos(pos, float_declaration->p.alignment);
+ if (!ctf_align_pos(pos, float_declaration->p.alignment)) {
+ ret = -EFAULT;
+ goto end_unref;
+ }
ret = _ctf_float_copy(&destp.parent, tmpfloat, ppos, float_definition);
switch (float_declaration->mantissa->len + 1) {
case FLT_MANT_DIG:
ret = _ctf_float_copy(&destp.parent, tmpfloat, ppos, float_definition);
switch (float_declaration->mantissa->len + 1) {
case FLT_MANT_DIG:
@@
-232,7
+235,7
@@
int ctf_float_write(struct bt_stream_pos *ppos, struct bt_definition *definition
union doubleIEEE754 u;
struct bt_definition *tmpdef;
struct definition_float *tmpfloat;
union doubleIEEE754 u;
struct bt_definition *tmpdef;
struct definition_float *tmpfloat;
- struct ctf_stream_pos srcp;
+ struct ctf_stream_pos srcp
= { { 0 } }
;
struct mmap_align mma;
int ret;
struct mmap_align mma;
int ret;
@@
-253,7
+256,7
@@
int ctf_float_write(struct bt_stream_pos *ppos, struct bt_definition *definition
goto end;
}
tmpfloat = container_of(tmpdef, struct definition_float, p);
goto end;
}
tmpfloat = container_of(tmpdef, struct definition_float, p);
- ctf_init_pos(&srcp, -1, O_RDONLY);
+ ctf_init_pos(&srcp,
NULL,
-1, O_RDONLY);
mmap_align_set_addr(&mma, (char *) u.bits);
srcp.base_mma = &mma;
srcp.packet_size = sizeof(u) * CHAR_BIT;
mmap_align_set_addr(&mma, (char *) u.bits);
srcp.base_mma = &mma;
srcp.packet_size = sizeof(u) * CHAR_BIT;
@@
-268,7
+271,10
@@
int ctf_float_write(struct bt_stream_pos *ppos, struct bt_definition *definition
ret = -EINVAL;
goto end_unref;
}
ret = -EINVAL;
goto end_unref;
}
- ctf_align_pos(pos, float_declaration->p.alignment);
+ if (!ctf_align_pos(pos, float_declaration->p.alignment)) {
+ ret = -EFAULT;
+ goto end_unref;
+ }
ret = _ctf_float_copy(ppos, float_definition, &srcp.parent, tmpfloat);
end_unref:
ret = _ctf_float_copy(ppos, float_definition, &srcp.parent, tmpfloat);
end_unref:
This page took
0.024767 seconds
and
4
git commands to generate.