diff options
author | Timo Teras <timo.teras@iki.fi> | 2009-04-15 12:44:24 +0300 |
---|---|---|
committer | Timo Teras <timo.teras@iki.fi> | 2009-04-15 12:44:24 +0300 |
commit | ebe43a5e01c7a581e12db6494419098d1556f5be (patch) | |
tree | 9f7f88359a05ce32f9af3200cc0d6ac56151599f /src | |
parent | 33c2bc0d1ae695c64d94b0a96e39912000cd9f70 (diff) | |
download | apk-tools-ebe43a5e01c7a581e12db6494419098d1556f5be.tar.gz apk-tools-ebe43a5e01c7a581e12db6494419098d1556f5be.tar.bz2 apk-tools-ebe43a5e01c7a581e12db6494419098d1556f5be.tar.xz apk-tools-ebe43a5e01c7a581e12db6494419098d1556f5be.zip |
state: do not derefence unallocated memory
Enforce name_id to be within apk_state allocated area. New apk_name:s
can be created later for e.g. unknown packages requested at command line.
Diffstat (limited to 'src')
-rw-r--r-- | src/apk_state.h | 2 | ||||
-rw-r--r-- | src/state.c | 7 |
2 files changed, 8 insertions, 1 deletions
diff --git a/src/apk_state.h b/src/apk_state.h index 402b919..88a5ad0 100644 --- a/src/apk_state.h +++ b/src/apk_state.h @@ -23,7 +23,7 @@ struct apk_change { }; struct apk_state { - int refs; + unsigned int refs, num_names; struct list_head change_list_head; apk_name_state_t name[]; }; diff --git a/src/state.c b/src/state.c index 0113506..c07c806 100644 --- a/src/state.c +++ b/src/state.c @@ -121,6 +121,7 @@ struct apk_state *apk_state_new(struct apk_database *db) num_bytes = sizeof(struct apk_state) + db->name_id * sizeof(char *); state = (struct apk_state*) calloc(1, num_bytes); state->refs = 1; + state->num_names = db->name_id; list_init(&state->change_list_head); return state; @@ -165,6 +166,9 @@ int apk_state_lock_dependency(struct apk_state *state, struct apk_package *installed = NULL, *latest = NULL, *use; int i; + if (name->id >= state->num_names) + return -1; + if (ns_empty(state->name[name->id])) { if (dep->result_mask == APK_DEPMASK_CONFLICT) return apk_state_lock_name(state, name, NULL); @@ -279,6 +283,9 @@ int apk_state_lock_name(struct apk_state *state, struct apk_package *oldpkg = NULL; int i, j, k, r; + if (name->id >= state->num_names) + return -1; + ns_free(state->name[name->id]); state->name[name->id] = ns_from_pkg(newpkg); |