On 8/13/19 7:56 PM, Frediano Ziglio wrote:
Check that combination of fields for an array does not
lead to unsafe code.
check_valid method came from generate_c_declaration with
some more check and it's use in demarshaller to validate
the array if the structure is not generated.
Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx>
---
python_modules/demarshal.py | 2 ++
python_modules/ptypes.py | 18 +++++++++++++++++-
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/python_modules/demarshal.py b/python_modules/demarshal.py
index acd4b6f..3736976 100644
--- a/python_modules/demarshal.py
+++ b/python_modules/demarshal.py
@@ -315,6 +315,8 @@ def write_validate_pointer_item(writer, container, item, scope, parent_scope, st
def write_validate_array_item(writer, container, item, scope, parent_scope, start,
want_nw_size, want_mem_size, want_extra_size):
array = item.type
+ if item.member:
+ array.check_valid(item.member)
is_byte_size = False
element_type = array.element_type
if array.is_bytes_length():
diff --git a/python_modules/ptypes.py b/python_modules/ptypes.py
index 311ce3d..7a23bca 100644
--- a/python_modules/ptypes.py
+++ b/python_modules/ptypes.py
@@ -485,7 +485,23 @@ class ArrayType(Type):
def c_type(self):
return self.element_type.c_type()
Would be nice to add a comment saying what checks are made.
(Even though there are not many comments
+ def check_valid(self, member):
+ if member.has_attr("chunk") or member.has_attr("as_ptr"):
+ return
+ if member.has_attr("to_ptr") or member.has_attr("ptr_array"):
Does 'to_ptr' have identifier/constant_length ? It's just a pointer.
Uri.
+ if not (self.is_identifier_length() or self.is_constant_length()):
+ raise Exception("Unsecure, no length of array")
+ return
+ if member.has_end_attr():
+ return
+ if self.is_remaining_length():
+ raise Exception('C output array is not allocated')
+ if self.is_constant_length() or self.is_identifier_length():
+ return
+ raise NotImplementedError('unknown array %s' % str(self))
+
def generate_c_declaration(self, writer, member):
+ self.check_valid(member)
name = member.name
if member.has_attr("chunk"):
return writer.writeln('SpiceChunks *%s;' % name)
@@ -497,7 +513,7 @@ class ArrayType(Type):
return writer.writeln('%s *%s;' % (self.c_type(), name))
if member.has_attr("ptr_array"):
return writer.writeln('%s *%s[0];' % (self.c_type(), name))
- if member.has_end_attr() or self.is_remaining_length():
+ if member.has_end_attr():
return writer.writeln('%s %s[0];' % (self.c_type(), name))
if self.is_constant_length():
return writer.writeln('%s %s[%s];' % (self.c_type(), name, self.size))
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel