From ebe43a5e01c7a581e12db6494419098d1556f5be Mon Sep 17 00:00:00 2001
From: Timo Teras
Date: Wed, 15 Apr 2009 12:44:24 +0300
Subject: state: do not derefence unallocated memory
Enforce name_id to be within apk_state allocated area. New apk_name:s can be created later for e.g. unknown packages requested at command line.
---
 src/state.c | 7 +++++++
 1 file changed, 7 insertions(+) (limited to 'src/state.c')
diff --git a/src/state.c b/src/state.c
index 0113506..c07c806 100644
--- a/src/state.c
+++ b/src/state.c
@@ -121,6 +121,7 @@ struct apk_state *apk_state_new(struct apk_database *db)
 num_bytes = sizeof(struct apk_state) + db->name_id * sizeof(char *);
 state = (struct apk_state*) calloc(1, num_bytes);
 state->refs = 1;
+ state->num_names = db->name_id;
 list_init(&state->change_list_head);
 return state;
@@ -165,6 +166,9 @@ int apk_state_lock_dependency(struct apk_state *state,
 struct apk_package *installed = NULL, *latest = NULL, *use;
 int i;
+ if (name->id >= state->num_names)
+ return -1;
+
 if (ns_empty(state->name[name->id])) {
 if (dep->result_mask == APK_DEPMASK_CONFLICT)
 return apk_state_lock_name(state, name, NULL);
@@ -279,6 +283,9 @@ int apk_state_lock_name(struct apk_state *state,
 struct apk_package *oldpkg = NULL;
 int i, j, k, r;
+ if (name->id >= state->num_names)
+ return -1;
+
 ns_free(state->name[name->id]);
 state->name[name->id] = ns_from_pkg(newpkg);
--
cgit v1.2.3-60-g2f50
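Review bot: In apk_state_new the calloc() result is still used without a NULL check, and the added `state->num_names = db->name_id;` is one more write through that pointer. A guard such as `if (state == NULL) return NULL;` directly after the allocation would turn an out-of-memory condition into a reportable error, provided callers (not visible here) handle a NULL state. The size expression `sizeof(struct apk_state) + db->name_id * sizeof(char *)` is also not checked for overflow. Since num_names is now the bound for every later index, a short comment like `/* slots allocated in name[]; ids >= this were created after the state */` would help. The start of the function, including the declaration of num_bytes, is outside the hunk.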
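Review bot: The guard `if (name->id >= state->num_names)` in apk_state_lock_dependency rejects only ids that are too large, and the same applies to the identical check in apk_state_lock_name in the third hunk. The declarations of `id` and `num_names` are not in this diff; if both are signed, a negative id would still index `state->name[name->id]`, so either declare them unsigned or write `if (name->id < 0 || name->id >= state->num_names)`. Because the test is duplicated, a small static helper would keep the two copies in sync and give one place for a comment on why an id can exceed the allocated range. Both functions continue past their hunks, so any other `state->name[...]` access in this file may need the same bound. The bare `return -1;` gives no diagnostic, so it is worth confirming that callers report something useful for a package name created after the state was allocated.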