authorTimo Teras <timo.teras@iki.fi>2009-04-15 12:44:24 +0300
committerTimo Teras <timo.teras@iki.fi>2009-04-15 12:44:24 +0300
commitebe43a5e01c7a581e12db6494419098d1556f5be (patch)
tree9f7f88359a05ce32f9af3200cc0d6ac56151599f /src
parent33c2bc0d1ae695c64d94b0a96e39912000cd9f70 (diff)
state: do not derefence unallocated memory
Enforce that name_id is within the area allocated for apk_state. New apk_names can be created later, e.g. for unknown packages requested on the command line.
Diffstat (limited to 'src')
-rw-r--r--src/apk_state.h2
-rw-r--r--src/state.c7
2 files changed, 8 insertions, 1 deletions
diff --git a/src/apk_state.h b/src/apk_state.h
index 402b919..88a5ad0 100644
--- a/src/apk_state.h
+++ b/src/apk_state.h
@@ -23,7 +23,7 @@ struct apk_change {
};
struct apk_state {
- int refs;
+ unsigned int refs, num_names;
struct list_head change_list_head;
apk_name_state_t name[];
};
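Review bot: The new `num_names` field has no comment saying that it is the bound for the flexible array `name[]`, which is the invariant the guards added in state.c depend on. A comment on the field such as `/* entries allocated in name[]; set once in apk_state_new() */` would record it. The same line also changes `refs` from `int` to `unsigned int`, which is unrelated to the bounds fix; if any release path outside this diff tests `refs` for a negative value, that test would no longer fire.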
diff --git a/src/state.c b/src/state.c
index 0113506..c07c806 100644
--- a/src/state.c
+++ b/src/state.c
@@ -121,6 +121,7 @@ struct apk_state *apk_state_new(struct apk_database *db)
num_bytes = sizeof(struct apk_state) + db->name_id * sizeof(char *);
state = (struct apk_state*) calloc(1, num_bytes);
state->refs = 1;
+ state->num_names = db->name_id;
list_init(&state->change_list_head);
return state;
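Review bot: The result of `calloc` is used without a NULL check, so on allocation failure both `state->refs = 1` and the added `state->num_names = db->name_id` write through a null pointer. A guard such as `if (state == NULL) return NULL;` before the first store would close that, provided callers handle a NULL state. The byte count is computed with `sizeof(char *)` while the array element type is `apk_name_state_t`; if those ever differ in size, `num_names` would no longer match the allocation, and `sizeof(state->name[0])` would tie the two together. The function body starts outside the hunk.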
@@ -165,6 +166,9 @@ int apk_state_lock_dependency(struct apk_state *state,
struct apk_package *installed = NULL, *latest = NULL, *use;
int i;
+ if (name->id >= state->num_names)
+ return -1;
+
if (ns_empty(state->name[name->id])) {
if (dep->result_mask == APK_DEPMASK_CONFLICT)
return apk_state_lock_name(state, name, NULL);
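Review bot: The new guard returns a bare `-1` with no comment explaining when `name->id` can exceed `state->num_names`, and the identical check is repeated in the `apk_state_lock_name` hunk below. A comment above each guard, for example `/* name was created after this state was allocated; it has no slot in name[] */`, would keep the reason next to the code. Since the same test now exists twice, a small static helper would let any other `state->name[...]` access in state.c reuse it; such accesses are not visible in these hunks and may need the same bound. It is also worth confirming that callers treat `-1` here as a failed lock rather than ignoring it. Both function bodies continue outside their hunks.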
@@ -279,6 +283,9 @@ int apk_state_lock_name(struct apk_state *state,
struct apk_package *oldpkg = NULL;
int i, j, k, r;
+ if (name->id >= state->num_names)
+ return -1;
+
ns_free(state->name[name->id]);
state->name[name->id] = ns_from_pkg(newpkg);