This is the mail archive of the ecos-patches@sources.redhat.com mailing list for the eCos project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

PATCH 4 "No checking of index while accessing file descriptor table might lead to a crash"


I would like to give a patch concerning the following issue :

"
These functions will probably crash, if u pass an fd 
>=CYGNUM_FILEIO_NFD to them.

?fd_close
?cyg_fd_assign
?cyg_fd_free
?cyg_fp_get
 cyg_fd_alloc (with negative parameter low)
"

Here 's the patch : (sorry my CVS access is rectricted : v1.5/fd.cxx is the 
file v1.5 I just got on CVSweb)

< 
diff -a -w -u -r v1.5 fd.cxx
--- v1.5/fd.cxx Wed Mar 10 14:40:51 2004
+++ fd.cxx      Wed Mar 10 14:47:09 2004
@@ -62,6 +62,7 @@
 #endif
 #include <cyg/infra/cyg_trac.h>        // tracing macros
 #include <cyg/infra/cyg_ass.h>         // assertion macros
+#include <assert.h>                    // asserts

 #include "fio.h"                       // Private header

@@ -175,7 +176,10 @@
 static int fd_close( int fd )
 {
     int error = 0;
-    cyg_file *fp = desc[fd];
+    cyg_file *fp;
+
+    assert(0<fd<CYGNUM_FILEIO_NFD);
+    fp= desc[fd];

     if( fp != FD_ALLOCATED && fp != NULL)
     {
@@ -202,6 +206,7 @@
 {
     int fd;

+    assert(0<low<CYGNUM_FILEIO_NFD);
     FILEIO_MUTEX_LOCK(fdlock);

     for( fd = low; fd < CYGNUM_FILEIO_NFD; fd++ )
@@ -244,6 +249,8 @@
 {
     int error;

+    assert(0<fd<CYGNUM_FILEIO_NFD);
+
     FILEIO_MUTEX_LOCK(fdlock);

     error = fd_close( fd );
@@ -266,6 +273,8 @@

 __externC cyg_file *cyg_fp_get( int fd )
 {
+    assert(0<fd<CYGNUM_FILEIO_NFD);
+
     FILEIO_MUTEX_LOCK(fdlock);

     cyg_file *fp = desc[fd];
@@ -330,6 +339,8 @@

 __externC int dup( int fd )
 {
+    assert(0<fd<CYGNUM_FILEIO_NFD);
+
     cyg_file *fp = cyg_fp_get( fd );

     if( fp == NULL )
@@ -358,6 +369,9 @@

 __externC int dup2( int fd, int fd2 )
 {
+    assert(0<fd<CYGNUM_FILEIO_NFD);
+    assert(0<fd2<CYGNUM_FILEIO_NFD);
+
     if( fd2 == fd ) return fd2;

     if( fd2 < 0 || fd2 >= OPEN_MAX )


Hope this help.
Have a nice day.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]