ACK
On 11/27/2012 1:07 PM, Jan Friesse wrote:
> When object_key_increment or _decrement is called on [u]int16 value,
> uninitialized value is read as result value.
>
> Solution is to read really only 16-bits.
>
> Signed-off-by: Jan Friesse <jfriesse@xxxxxxxxxx>
> ---
> exec/objdb.c | 24 ++++++++++++++----------
> 1 files changed, 14 insertions(+), 10 deletions(-)
>
> diff --git a/exec/objdb.c b/exec/objdb.c
> index baadda3..5d7c124 100644
> --- a/exec/objdb.c
> +++ b/exec/objdb.c
> @@ -1100,26 +1100,33 @@ static int object_key_increment (
> switch (object_key->value_type) {
> case OBJDB_VALUETYPE_INT16:
> (*(int16_t *)object_key->value)++;
> + *value = *(int16_t *)object_key->value;
> break;
> case OBJDB_VALUETYPE_UINT16:
> (*(uint16_t *)object_key->value)++;
> + *value = *(uint16_t *)object_key->value;
> break;
> case OBJDB_VALUETYPE_INT32:
> (*(int32_t *)object_key->value)++;
> + *value = *(int32_t *)object_key->value;
> break;
> case OBJDB_VALUETYPE_UINT32:
> (*(uint32_t *)object_key->value)++;
> + *value = *(uint32_t *)object_key->value;
> break;
> case OBJDB_VALUETYPE_INT64:
> (*(int64_t *)object_key->value)++;
> + *value = *(int64_t *)object_key->value;
> break;
> case OBJDB_VALUETYPE_UINT64:
> (*(uint64_t *)object_key->value)++;
> + *value = *(uint64_t *)object_key->value;
> break;
> case OBJDB_VALUETYPE_ANY:
> /* for backwards compatibilty */
> if (object_key->value_len == sizeof(int)) {
> (*(int *)object_key->value)++;
> + *value = *(int *)object_key->value;
> }
> else {
> res = -1;
> @@ -1129,11 +1136,6 @@ static int object_key_increment (
> res = -1;
> break;
> }
> - if (res == 0) {
> - /* nasty, not sure why we need to return this typed
> - * instead of void* */
> - *value = *(int *)object_key->value;
> - }
> }
> else {
> res = -1;
> @@ -1187,26 +1189,33 @@ static int object_key_decrement (
> switch (object_key->value_type) {
> case OBJDB_VALUETYPE_INT16:
> (*(int16_t *)object_key->value)--;
> + *value = *(int16_t *)object_key->value;
> break;
> case OBJDB_VALUETYPE_UINT16:
> (*(uint16_t *)object_key->value)--;
> + *value = *(uint16_t *)object_key->value;
> break;
> case OBJDB_VALUETYPE_INT32:
> (*(int32_t *)object_key->value)--;
> + *value = *(int32_t *)object_key->value;
> break;
> case OBJDB_VALUETYPE_UINT32:
> (*(uint32_t *)object_key->value)--;
> + *value = *(uint32_t *)object_key->value;
> break;
> case OBJDB_VALUETYPE_INT64:
> (*(int64_t *)object_key->value)--;
> + *value = *(int64_t *)object_key->value;
> break;
> case OBJDB_VALUETYPE_UINT64:
> (*(uint64_t *)object_key->value)--;
> + *value = *(uint64_t *)object_key->value;
> break;
> case OBJDB_VALUETYPE_ANY:
> /* for backwards compatibilty */
> if (object_key->value_len == sizeof(int)) {
> (*(int *)object_key->value)--;
> + *value = *(int *)object_key->value;
> }
> else {
> res = -1;
> @@ -1216,11 +1225,6 @@ static int object_key_decrement (
> res = -1;
> break;
> }
> - if (res == 0) {
> - /* nasty, not sure why we need to return this typed
> - * instead of void* */
> - *value = *(int *)object_key->value;
> - }
> }
> else {
> res = -1;
>
_______________________________________________
discuss mailing list
discuss@xxxxxxxxxxxx
http://lists.corosync.org/mailman/listinfo/discuss
