From ddc1a3e385faa982e73099884ab0f6b1b242561a Mon Sep 17 00:00:00 2001
From: Martin Stjernholm <mast@lysator.liu.se>
Date: Tue, 27 Jul 2010 18:46:06 +0200
Subject: [PATCH] Fixed several cases of unsafe use of get_all_args for
 optional args.

Rev: src/builtin_functions.c:1.704
Rev: src/cpp.c:1.178
Rev: src/modules/Gettext/gettext.c:1.28
Rev: src/modules/Image/font.c:1.92
Rev: src/modules/_Roxen/roxen.c:1.56
Rev: src/modules/files/socket.c:1.112
Rev: src/modules/files/udp.c:1.84
Rev: src/post_modules/GTK2/source/gnomecanvas.pre:1.8
Rev: src/post_modules/GTK2/source/gtksourceiter.pre:1.7
Rev: src/post_modules/GTK2/source/gtktextiter.pre:1.14
---
 src/builtin_functions.c                       |  8 ++---
 src/cpp.c                                     | 11 +++----
 src/modules/Gettext/gettext.c                 | 29 +++++++------------
 src/modules/Image/font.c                      | 10 +++----
 src/modules/_Roxen/roxen.c                    |  3 +-
 src/modules/files/socket.c                    |  8 ++---
 src/modules/files/udp.c                       |  4 +--
 src/post_modules/GTK2/source/gnomecanvas.pre  | 11 ++++---
 .../GTK2/source/gtksourceiter.pre             |  4 +--
 src/post_modules/GTK2/source/gtktextiter.pre  |  4 +--
 10 files changed, 42 insertions(+), 50 deletions(-)

diff --git a/src/builtin_functions.c b/src/builtin_functions.c
index 822618c967..1f30123e0f 100644
--- a/src/builtin_functions.c
+++ b/src/builtin_functions.c
@@ -2,7 +2,7 @@
 || This file is part of Pike. For copyright information see COPYRIGHT.
 || Pike is distributed under GPL, LGPL and MPL. See the file COPYING
 || for more information.
-|| $Id: builtin_functions.c,v 1.703 2010/07/27 15:33:37 mast Exp $
+|| $Id: builtin_functions.c,v 1.704 2010/07/27 16:46:01 mast Exp $
 */
 
 #include "global.h"
@@ -2886,13 +2886,13 @@ PMOD_EXPORT void f_time(INT32 args)
 PMOD_EXPORT void f_crypt(INT32 args)
 {
   char salt[2];
-  char *ret, *pwd, *saltp;
+  char *ret, *pwd, *saltp = NULL;
   char *choise =
     "cbhisjKlm4k65p7qrJfLMNQOPxwzyAaBDFgnoWXYCZ0123tvdHueEGISRTUV89./";
 
   get_all_args("crypt", args, "%s.%s", &pwd, &saltp);
 
-  if(args>1)
+  if(saltp)
   {
     if( Pike_sp[1-args].u.string->len < 2 )
     {
@@ -5501,7 +5501,7 @@ static int my_time_inverse (struct tm *target_tm, time_t *result, time_fn timefn
 PMOD_EXPORT void f_mktime (INT32 args)
 {
   INT_TYPE sec, min, hour, mday, mon, year;
-  INT_TYPE isdst = -1, tz;
+  INT_TYPE isdst = -1, tz = 0;
   struct tm date;
   time_t retval;
 
diff --git a/src/cpp.c b/src/cpp.c
index af54677fbe..6801e20a91 100644
--- a/src/cpp.c
+++ b/src/cpp.c
@@ -2,7 +2,7 @@
 || This file is part of Pike. For copyright information see COPYRIGHT.
 || Pike is distributed under GPL, LGPL and MPL. See the file COPYING
 || for more information.
-|| $Id: cpp.c,v 1.177 2009/03/08 22:08:27 grubba Exp $
+|| $Id: cpp.c,v 1.178 2010/07/27 16:46:02 mast Exp $
 */
 
 #include "global.h"
@@ -1760,7 +1760,7 @@ void f_cpp(INT32 args)
 
   struct object *handler = 0;
 
-  int compat_major, compat_minor, picky_cpp;
+  int compat_major = 0, compat_minor = 0, picky_cpp = 0;
 
   ONERROR err;
 #ifdef PIKE_DEBUG
@@ -1817,13 +1817,10 @@ void f_cpp(INT32 args)
     }
   }
 
-  if(args > 5)
+  if(compat_major)
     cpp_change_compat(&this, compat_major, compat_minor);
 
-  if(args > 6)
-    this.picky_cpp = picky_cpp;
-  else
-    this.picky_cpp = 0;
+  this.picky_cpp = picky_cpp;
 
   if (use_initial_predefs)
     /* Typically compiling the master here. */
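Review bot: Replacing `if(args > 5)` with `if(compat_major)` makes an explicit major version of 0 indistinguishable from an omitted argument, so a caller that passes 0 as compat_major no longer reaches cpp_change_compat(), whatever compat_minor is. Whether 0 is a meaningful major version cannot be seen from this hunk. If it is, use an out-of-range sentinel: declare `int compat_major = -1, compat_minor = 0, picky_cpp = 0;` and test `if(compat_major >= 0)`. If 0 is intended to mean "no compat level", say so at the test with `/* compat_major stays 0 when the optional argument is omitted */`. f_cpp starts and ends outside the hunk.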
diff --git a/src/modules/Gettext/gettext.c b/src/modules/Gettext/gettext.c
index 9aa560ee94..0e77cb00ae 100644
--- a/src/modules/Gettext/gettext.c
+++ b/src/modules/Gettext/gettext.c
@@ -2,7 +2,7 @@
 || This file is part of Pike. For copyright information see COPYRIGHT.
 || Pike is distributed under GPL, LGPL and MPL. See the file COPYING
 || for more information.
-|| $Id: gettext.c,v 1.27 2008/04/01 08:01:28 mast Exp $
+|| $Id: gettext.c,v 1.28 2010/07/27 16:46:04 mast Exp $
 */
 
 #include "global.h"
@@ -75,28 +75,19 @@
  */
 void f_gettext(INT32 args)
 {
-  const char *domain, *msg;
-  int cat;
+  const char *domain = NULL, *msg;
+  int cat = 0;
 
   get_all_args("Locale.Gettext.gettext", args, "%c.%C%D", &msg, &domain, &cat);
 
-  switch(args) {
-#ifdef PIKE_DEBUG
-  case 0:
-    /* NOT_REACHED, but... */
-    Pike_error("Too few arguments to Locale.Gettext.gettext().\n");
-    break;
-#endif
-  case 1:
-    push_text(gettext(msg));
-    break;
-  case 2:
-    push_text(dgettext(domain, msg));
-    break;
-  default:
-    push_text(dcgettext(domain, msg, cat));
-    break;
+  if (domain) {
+    if (args > 2 && Pike_sp[2-args].subtype == NUMBER_NUMBER)
+      push_text(dcgettext(domain, msg, cat));
+    else
+      push_text(dgettext(domain, msg));
   }
+  else
+    push_text(gettext(msg));
 
   stack_pop_n_elems_keep_top(args);
 }
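Review bot: Making `if (domain)` the outer branch means a call that supplies a category together with a zero domain now falls through to `gettext(msg)`, and the category is silently dropped. The removed `default:` case passed it to dcgettext() regardless of the domain. If that call shape should keep working, test for the category first, as sketched below. The sketch assumes the platform's dcgettext() accepts a NULL domain name, which the removed code appears to have relied on as well. If dropping the category is intentional, a one-line comment at the `else` branch should say so.

```c
  /* An explicitly given category is honoured even when domain is zero. */
  if (args > 2 && Pike_sp[2-args].subtype == NUMBER_NUMBER)
    push_text(dcgettext(domain, msg, cat));
  else if (domain)
    push_text(dgettext(domain, msg));
  else
    push_text(gettext(msg));
  /* … unchanged: stack_pop_n_elems_keep_top(args) … */
```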
diff --git a/src/modules/Image/font.c b/src/modules/Image/font.c
index ea41e3cb84..7f2475ed94 100644
--- a/src/modules/Image/font.c
+++ b/src/modules/Image/font.c
@@ -2,7 +2,7 @@
 || This file is part of Pike. For copyright information see COPYRIGHT.
 || Pike is distributed under GPL, LGPL and MPL. See the file COPYING
 || for more information.
-|| $Id: font.c,v 1.91 2008/05/04 00:34:22 nilsson Exp $
+|| $Id: font.c,v 1.92 2010/07/27 16:46:05 mast Exp $
 */
 
 #include "global.h"
@@ -310,11 +310,11 @@ void font_load(INT32 args)
   size_t mmaped_size = 0;
 #endif
   size_t size = 0;
-  char *filename;
+  char *filename = NULL;
 
   get_all_args("Image.Font->load()", args, ".%s", &filename);
 
-  if (!args) 
+  if (!filename)
   {
     fh = (struct file_head *)image_default_font;
     size = IMAGE_DEFAULT_FONT_SIZE;
@@ -408,7 +408,7 @@ void font_load(INT32 args)
 	new_font=malloc(sizeof(struct font)+
 			sizeof(struct _char)*(num_chars-1));
 	if(!new_font) {
-	  if (args) {
+	  if (filename) {
 #ifdef HAVE_MMAP
 	    if (mmaped_size)
 	      munmap((void *)fh, mmaped_size);
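Review bot: The allocation size in the context line `malloc(sizeof(struct font)+sizeof(struct _char)*(num_chars-1))` is computed with no range check visible in this hunk. num_chars is defined outside the hunk; if it is taken from the font file header, a value of 0 or a very large value makes the expression wrap and yields a buffer smaller than the per-character data the loader goes on to store. Before the malloc, the file should be rejected when num_chars is 0 or exceeds `(SIZE_MAX - sizeof(struct font)) / sizeof(struct _char)`. The switch from `args` to `filename` in the cleanup test is consistent with the new NULL initialiser. font_load starts and ends outside the hunk.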
@@ -470,7 +470,7 @@ void font_load(INT32 args)
 #ifdef FONT_DEBUG
     else fprintf(stderr,"FONT wrong cookie\n");
 #endif
-    if (args) {
+    if (filename) {
 #ifdef HAVE_MMAP
       if (mmaped_size)
 	munmap((void *)fh, mmaped_size);
diff --git a/src/modules/_Roxen/roxen.c b/src/modules/_Roxen/roxen.c
index ba602eef89..529202279e 100644
--- a/src/modules/_Roxen/roxen.c
+++ b/src/modules/_Roxen/roxen.c
@@ -2,7 +2,7 @@
 || This file is part of Pike. For copyright information see COPYRIGHT.
 || Pike is distributed under GPL, LGPL and MPL. See the file COPYING
 || for more information.
-|| $Id: roxen.c,v 1.55 2009/07/29 15:48:47 nilsson Exp $
+|| $Id: roxen.c,v 1.56 2010/07/27 16:46:05 mast Exp $
 */
 
 #define NO_PIKE_SHORTHAND
@@ -274,6 +274,7 @@ static void f_hp_create( INT32 args )
     THP->headers = NULL;
   }
 
+  THP->mode = 0;
   get_all_args("create",args,".%i",&THP->mode);
 
   THP->headers = xalloc( 8192 );
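Review bot: `get_all_args("create",args,".%i",&THP->mode)` stores through the pointer with whatever width `%i` implies, and the declaration of `mode` is not visible in this hunk. Elsewhere in this commit `%i` is paired with `INT_TYPE` variables and `%d` with `int`, so if `mode` is declared `int` and INT_TYPE is wider, the store writes past the field into neighbouring struct members. Parsing into a local removes the dependency on the field's type: `INT_TYPE mode = 0; get_all_args("create",args,".%i",&mode); THP->mode = mode;`. f_hp_create starts and ends outside the hunk.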
diff --git a/src/modules/files/socket.c b/src/modules/files/socket.c
index 7a5214b50d..fa3f7973a1 100644
--- a/src/modules/files/socket.c
+++ b/src/modules/files/socket.c
@@ -2,7 +2,7 @@
 || This file is part of Pike. For copyright information see COPYRIGHT.
 || Pike is distributed under GPL, LGPL and MPL. See the file COPYING
 || for more information.
-|| $Id: socket.c,v 1.111 2010/06/22 14:02:26 grubba Exp $
+|| $Id: socket.c,v 1.112 2010/07/27 16:46:05 mast Exp $
 */
 
 #define NO_PIKE_SHORTHAND
@@ -191,7 +191,7 @@ static void port_errno(INT32 args)
 static void port_listen_fd(INT32 args)
 {
   struct port *p = THIS;
-  struct svalue *cb;
+  struct svalue *cb = NULL;
   int fd;
   do_close(p);
 
@@ -214,7 +214,7 @@ static void port_listen_fd(INT32 args)
   }
 
   change_fd_for_box (&p->box, fd);
-  if(args > 1) assign_accept_cb (p, cb);
+  if(cb) assign_accept_cb (p, cb);
   p->my_errno=0;
   pop_n_elems(args);
   push_int(1);
@@ -425,7 +425,7 @@ static void bind_unix(INT32 args)
   }
 
   change_fd_for_box (&p->box, fd);
-  if(args > 1) assign_accept_cb (p, cb);
+  if (cb) assign_accept_cb (p, cb);
   p->my_errno=0;
   pop_n_elems(args);
   push_int(1);
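Review bot: `if (cb)` in bind_unix is only safe if `cb` is initialised to NULL in that function, and this diff adds the initialiser in port_listen_fd only. bind_unix's declaration is not among the changed lines. If it still reads `struct svalue *cb;`, a call that omits the optional callback now tests and passes an indeterminate pointer to assign_accept_cb(), which the old `args > 1` test prevented. Confirm the declaration is `struct svalue *cb = NULL;`, and check every other function in the file that parses an optional callback the same way.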
diff --git a/src/modules/files/udp.c b/src/modules/files/udp.c
index 4e6f02feb3..ff7084d271 100644
--- a/src/modules/files/udp.c
+++ b/src/modules/files/udp.c
@@ -2,7 +2,7 @@
 || This file is part of Pike. For copyright information see COPYRIGHT.
 || Pike is distributed under GPL, LGPL and MPL. See the file COPYING
 || for more information.
-|| $Id: udp.c,v 1.83 2010/06/22 14:02:33 grubba Exp $
+|| $Id: udp.c,v 1.84 2010/07/27 16:46:05 mast Exp $
 */
 
 #define NO_PIKE_SHORTHAND
@@ -1037,7 +1037,7 @@ static void udp_errno(INT32 args)
  */
 static void udp_set_type(INT32 args)
 {
-   int type, proto;
+   int type, proto = 0;
 
    get_all_args("Stdio.UDP->set_type",args,"%d.%d",&type,&proto);
 
diff --git a/src/post_modules/GTK2/source/gnomecanvas.pre b/src/post_modules/GTK2/source/gnomecanvas.pre
index e020d2f104..15a61ed851 100644
--- a/src/post_modules/GTK2/source/gnomecanvas.pre
+++ b/src/post_modules/GTK2/source/gnomecanvas.pre
@@ -233,12 +233,15 @@ GDK2.Color get_color(?string spec)
 {
   pgtk2_verify_inited();
   {
-    GdkColor *color;
+    GdkColor *color = NULL;
     char *spec=NULL;
     get_all_args("get_color",args,".%s",&color);
-    color=(GdkColor *)g_malloc(sizeof(GdkColor));
-    if (color==NULL)
-      SIMPLE_OUT_OF_MEMORY_ERROR("get_color",sizeof(GdkColor));
+    if (!color) {
+      /* FIXME: This looks like a leak. /mast */
+      color=(GdkColor *)g_malloc(sizeof(GdkColor));
+      if (color==NULL)
+	SIMPLE_OUT_OF_MEMORY_ERROR("get_color",sizeof(GdkColor));
+    }
     gnome_canvas_get_color(GNOME_CANVAS(THIS->obj),spec,color);
     pgtk2_pop_n_elems(args);
     push_gdkobject(color,color,1);
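Review bot: `get_all_args("get_color",args,".%s",&color)` stores the string argument's `char *` into `color`, which is a `GdkColor *`, while `spec` is never assigned and stays NULL. With the new `if (!color)` guard, a call that passes a spec skips the allocation. gnome_canvas_get_color() then writes a GdkColor through a pointer into the Pike string's character data, and push_gdkobject() is handed that same pointer, so the result is memory corruption rather than a leak. The argument should be parsed into `spec` with `get_all_args("get_color",args,".%s",&spec);`, and the `g_malloc` of `color` should stay unconditional as it was before this change. The enclosing block starts and ends outside the hunk.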
diff --git a/src/post_modules/GTK2/source/gtksourceiter.pre b/src/post_modules/GTK2/source/gtksourceiter.pre
index 62dce94d9d..4f421ae75e 100644
--- a/src/post_modules/GTK2/source/gtksourceiter.pre
+++ b/src/post_modules/GTK2/source/gtksourceiter.pre
@@ -26,7 +26,7 @@ array backward_search(string str, int flags, ?GTK2.TextIter limit)
     GtkTextBuffer *sb;
     char *str;
     INT_TYPE flags;
-    struct object *o1;
+    struct object *o1 = NULL;
     int res;
 
     get_all_args("backward_search",args,"%s%i.%o",&str,&flags,&o1);
@@ -61,7 +61,7 @@ array forward_search(string str, int flags, ?GTK2.TextIter limit)
     GtkTextBuffer *sb;
     char *str;
     INT_TYPE flags;
-    struct object *o1;
+    struct object *o1 = NULL;
     int res;
 
     get_all_args("forward_search",args,"%s%i.%o",&str,&flags,&o1);
diff --git a/src/post_modules/GTK2/source/gtktextiter.pre b/src/post_modules/GTK2/source/gtktextiter.pre
index 192e3a6cd2..1f6aba6085 100644
--- a/src/post_modules/GTK2/source/gtktextiter.pre
+++ b/src/post_modules/GTK2/source/gtktextiter.pre
@@ -1056,7 +1056,7 @@ array forward_search(string str, int flags, ?GTK2.TextIter limit)
     GtkTextBuffer *tb;
     const gchar *str;
     INT_TYPE flags;
-    struct object *o1;
+    struct object *o1 = NULL;
     int res;
 
     get_all_args("forward_search",args,"%s%i.%o",&str,&flags,&o1);
@@ -1091,7 +1091,7 @@ array backward_search(string str, int flags, ?GTK2.TextIter limit)
     GtkTextBuffer *tb;
     const gchar *str;
     INT_TYPE flags;
-    struct object *o1;
+    struct object *o1 = NULL;
     int res;
 
     get_all_args("backward_search",args,"%s%i.%o",&str,&flags,&o1);
-- 
GitLab