[PATCH 1/3] test-isodetect: Fix invalid read when parsing isoinfo files

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



While parsing the isoinfo files, we check if the current line starts
with some prefix, but then we skip one byte more when we pass the string
to osinfo_entity_set_param(). This accounts for a space which comes
right after the prefix.
It can happen that the line being parsed ends right after the prefix
with no additional space, in which case we'd be accessing invalid memory
when we try to skip the space.
This commit adds the additional space to the prefix check, and uses
strlen() rather than a hardcoded len when skipping the prefix later on.

This fixes
==10921== Conditional jump or move depends on uninitialised value(s)
==10921==    at 0x4C2BC29: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==10921==    by 0x6A6B222: g_strdup (gstrfuncs.c:362)
==10921==    by 0x553F4F2: osinfo_entity_set_param (osinfo_entity.c:190)
==10921==    by 0x402716: load_iso (test-isodetect.c:141)
==10921==    by 0x4029C7: load_distro (test-isodetect.c:203)
==10921==    by 0x402B3E: load_distros (test-isodetect.c:250)
==10921==    by 0x402C67: load_isos (test-isodetect.c:281)
==10921==    by 0x40306E: test_one (test-isodetect.c:329)
==10921==    by 0x4032E1: test_rhel (test-isodetect.c:367)
==10921==    by 0x532B78A: ??? (in /usr/lib64/libcheck.so.0.0.0)
==10921==    by 0x532BB7C: srunner_run (in /usr/lib64/libcheck.so.0.0.0)
==10921==    by 0x403A4C: main (test-isodetect.c:490)
---
 test/test-isodetect.c | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/test/test-isodetect.c b/test/test-isodetect.c
index e223d1a..bace7cb 100644
--- a/test/test-isodetect.c
+++ b/test/test-isodetect.c
@@ -133,26 +133,26 @@ static struct ISOInfo *load_iso(GFile *file, const gchar *shortid, const gchar *
     info->media = osinfo_media_new(name, arch);
 
     while ((line = g_data_input_stream_read_line(dis, NULL, NULL, error)) != NULL) {
-        if (g_str_has_prefix(line, "Volume id:")) {
+        if (g_str_has_prefix(line, "Volume id: ")) {
             osinfo_entity_set_param(OSINFO_ENTITY(info->media),
                                     OSINFO_MEDIA_PROP_VOLUME_ID,
-                                    line + 11);
-        } else if (g_str_has_prefix(line, "Publisher id:")) {
+                                    line + strlen("Volume id: "));
+        } else if (g_str_has_prefix(line, "Publisher id: ")) {
             osinfo_entity_set_param(OSINFO_ENTITY(info->media),
                                     OSINFO_MEDIA_PROP_PUBLISHER_ID,
-                                    line + 14);
-        } else if (g_str_has_prefix(line, "System id:")) {
+                                    line + strlen("Publisher id: "));
+        } else if (g_str_has_prefix(line, "System id: ")) {
             osinfo_entity_set_param(OSINFO_ENTITY(info->media),
                                     OSINFO_MEDIA_PROP_SYSTEM_ID,
-                                    line + 11);
-        } else if (g_str_has_prefix(line, "Application id:")) {
+                                    line + strlen("System id "));
+        } else if (g_str_has_prefix(line, "Application id: ")) {
             osinfo_entity_set_param(OSINFO_ENTITY(info->media),
                                     OSINFO_MEDIA_PROP_APPLICATION_ID,
-                                    line + 16);
-        } else if (g_str_has_prefix(line, "Logical block size is:")) {
-            blk_size = (gint64) atoll(line + 23);
-        } else if (g_str_has_prefix(line, "Volume size is:")) {
-            vol_size = atoll(line + 16);
+                                    line + strlen("Application id: "));
+        } else if (g_str_has_prefix(line, "Logical block size is: ")) {
+            blk_size = (gint64) atoll(line + strlen("Logical block size is: "));
+        } else if (g_str_has_prefix(line, "Volume size is: ")) {
+            vol_size = atoll(line + strlen("Volume size is: "));
         }
     }
 
-- 
2.5.0

_______________________________________________
Libosinfo mailing list
Libosinfo@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libosinfo



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Fedora Users]     [Fedora Maintainers]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux