authorPatrick Ohly <patrick.ohly@intel.com>2011-04-20 14:20:46 +0200
committerPatrick Ohly <patrick.ohly@intel.com>2011-04-20 14:20:46 +0200
commite3ccba5d1c7d53ee08e3a2f7cc83bc387dc4d39d (patch)
tree6cebf497c11635d68d1862f5b21d02f514a3cc00 /src/syncevo/LocalTransportAgent.cpp
parent162568b064e2a21991afe44e788d7f5e7c215569 (diff)
local sync: fixed potential NULL pointer read
The following code crashed if m_length was read after executing the release() call: `realloc(buffer.m_message.release(), buffer.m_message->m_length)`. That's because release() resets the m_message pointer. It seems that clang orders execution like that whereas gcc doesn't.
Diffstat (limited to 'src/syncevo/LocalTransportAgent.cpp')
-rw-r--r--src/syncevo/LocalTransportAgent.cpp6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/syncevo/LocalTransportAgent.cpp b/src/syncevo/LocalTransportAgent.cpp
index b4a3671a..a31f9916 100644
--- a/src/syncevo/LocalTransportAgent.cpp
+++ b/src/syncevo/LocalTransportAgent.cpp
@@ -637,9 +637,11 @@ TransportAgent::Status LocalTransportAgent::readMessage(int fd, Buffer &buffer,
"Message Buffer");
} else if (buffer.m_used >= sizeof(Message) &&
buffer.m_message->m_length > buffer.m_size) {
- buffer.m_message.set(static_cast<Message *>(realloc(buffer.m_message.release(), buffer.m_message->m_length)),
+ // copy before (temporarily) freeing memory
+ size_t newsize = buffer.m_message->m_length;
+ buffer.m_message.set(static_cast<Message *>(realloc(buffer.m_message.release(), newsize)),
"Message Buffer");
- buffer.m_size = buffer.m_message->m_length;
+ buffer.m_size = newsize;
}
SE_LOG_DEBUG(NULL, NULL, "%s: recv %ld bytes",
m_pid ? "parent" : "child",
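Review bot: The rewritten allocation on the `buffer.m_message.set(static_cast<Message *>(realloc(buffer.m_message.release(), newsize)), ...)` line still loses the original block when realloc() fails: realloc() returns NULL and leaves the old allocation in place, but that pointer has already been released from the holder and is not stored anywhere, so it leaks (and whatever set() does with a NULL pointer is not visible here). Splitting the call keeps the old pointer reachable, `Message *old = buffer.m_message.release();` `Message *grown = static_cast<Message *>(realloc(old, newsize));`, so that on `grown == NULL` the code can put `old` back into the holder (or free it) before reporting the failure. The comment "copy before (temporarily) freeing memory" reads as if release() frees; it only detaches the pointer, so `// read m_length before release() clears m_message` describes the actual hazard better. Since `newsize` is taken from the received header, it is worth confirming that m_length is bounded somewhere before it is used as an allocation size; that check is not visible in this hunk. readMessage() begins before and continues after the hunk.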