From ebe43a5e01c7a581e12db6494419098d1556f5be Mon Sep 17 00:00:00 2001
From: Timo Teras
Date: Wed, 15 Apr 2009 12:44:24 +0300
Subject: [PATCH] state: do not derefence unallocated memory

Enforce name_id to be within apk_state allocated area. New apk_name:s can be created later for e.g. unknown packages requested at command line.
---
 src/apk_state.h | 2 +-
 src/state.c | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/apk_state.h b/src/apk_state.h
index 402b919..88a5ad0 100644
--- a/src/apk_state.h
+++ b/src/apk_state.h
@@ -23,7 +23,7 @@ struct apk_change {
 };
 
 struct apk_state {
-	int refs;
+	unsigned int refs, num_names;
 	struct list_head change_list_head;
 	apk_name_state_t name[];
 };
diff --git a/src/state.c b/src/state.c
index 0113506..c07c806 100644
--- a/src/state.c
+++ b/src/state.c
@@ -121,6 +121,7 @@ struct apk_state *apk_state_new(struct apk_database *db)
 	num_bytes = sizeof(struct apk_state) + db->name_id * sizeof(char *);
 	state = (struct apk_state*) calloc(1, num_bytes);
 	state->refs = 1;
+	state->num_names = db->name_id;
 	list_init(&state->change_list_head);
 
 	return state;
@@ -165,6 +166,9 @@ int apk_state_lock_dependency(struct apk_state *state,
 	struct apk_package *installed = NULL, *latest = NULL, *use;
 	int i;
 
+	if (name->id >= state->num_names)
+		return -1;
+
 	if (ns_empty(state->name[name->id])) {
 		if (dep->result_mask == APK_DEPMASK_CONFLICT)
 			return apk_state_lock_name(state, name, NULL);
@@ -279,6 +283,9 @@ int apk_state_lock_name(struct apk_state *state,
 	struct apk_package *oldpkg = NULL;
 	int i, j, k, r;
 
+	if (name->id >= state->num_names)
+		return -1;
+
 	ns_free(state->name[name->id]);
 	state->name[name->id] = ns_from_pkg(newpkg);
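Review bot: The replacement of `int refs;` by `unsigned int refs, num_names;` changes the signedness of the existing `refs` counter as a side effect of adding `num_names`, and neither the hunk nor the commit message says that is intended; any refcount path that decrements past zero or tests `refs <= 0` (none is visible here) would behave differently once `refs` is unsigned. If only `num_names` needs to be unsigned for the bound check, keep the declarations apart, `int refs;` and `unsigned int num_names;`, so the refcount type is untouched. The new field also carries no comment even though its whole purpose is a bound on `name[]`; I would add `/* number of entries allocated in name[]; filled in by apk_state_new(), ids at or above it have no slot */` above it.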
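Review bot: The added `state->num_names = db->name_id;` dereferences `state` straight after `calloc(1, num_bytes)` without checking the result, so on allocation failure it is (like the `state->refs = 1;` above it) exactly the dereference of unallocated memory the commit title is about; add `if (state == NULL) return NULL;` right after the calloc, with the callers' handling of a NULL return to be checked outside this hunk. The recorded bound is only sound if the element size used for the allocation, `sizeof(char *)`, equals the size of the real element type `apk_name_state_t` of `name[]`; that typedef is not visible here, so I would write the size as `db->name_id * sizeof(state->name[0])` to make the two agree by construction. The `(struct apk_state*)` cast on the calloc result is unnecessary in C and can be dropped. apk_state_new's opening lines, including the declaration of `num_bytes`, lie outside the hunk.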
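Review bot: The new guard `if (name->id >= state->num_names) return -1;` compares `name->id`, whose type is not visible in the hunk, against the now-unsigned `num_names`; if `id` is a signed int, a negative id converts to a large unsigned value and is rejected (the safe direction), but the mixed-sign comparison will be flagged by -Wsign-compare, so either cast explicitly or make `id` unsigned as well. The check also fails silently with a bare `-1`, while the commit message says this case is reachable for names created after the state was allocated (unknown packages named on the command line), so a caller that only tests `< 0` cannot tell it from a genuine dependency conflict; a distinct error value, or at least a comment such as `/* name created after apk_state_new(): no slot in name[], refuse rather than index past the allocation */`, would make the intent clear. The same guard is duplicated verbatim in apk_state_lock_name further down; a small static helper would keep the two in step. apk_state_lock_dependency's signature and the remainder of its body are outside the hunk.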