The branch, master has been updated
       via  3e96c95d41e lib: Avoid declaring zero-length VLAs in various messaging functions
      from  54963d246ea Happy New Year 2021!

https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 3e96c95d41e4ccd0bf43b3ee78af644e2bc32e30 Author: Dimitry Andric <dimi...@andric.com> Date: Fri Jan 1 18:25:48 2021 +0100 lib: Avoid declaring zero-length VLAs in various messaging functions In messaging_rec_create(), messaging_recv_cb() and messaging_dispatch_rec(), variable length arrays of file descriptors are declared using an incoming num_fds parameter. However, there are several scenarios where num_fds can be zero, and declaring a zero-length VLA is undefined behavior. This can lead to segmentation faults and/or other crashes when compiling with recent versions of clang at high optimization levels. To avoid ever using zero as the length for these declarations, use MAX(1, length) instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14605 Signed-off-by: Dimitry Andric <dimi...@andric.com> Reviewed-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> Autobuild-User(master): Ralph Böhme <s...@samba.org> Autobuild-Date(master): Mon Jan 4 10:50:07 UTC 2021 on sn-devel-184 ----------------------------------------------------------------------- Summary of changes: source3/lib/messages.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/messages.c b/source3/lib/messages.c index b63e277115f..b63652ca1a5 100644 --- a/source3/lib/messages.c +++ b/source3/lib/messages.c @@ -157,7 +157,7 @@ struct messaging_rec *messaging_rec_create( { struct messaging_rec rec; - int64_t fds64[num_fds]; + int64_t fds64[MAX(1, num_fds)]; size_t i; for (i=0; i<num_fds; i++) { 
@@ -391,7 +391,7 @@ static void messaging_recv_cb(struct tevent_context *ev, private_data, struct messaging_context); struct server_id_buf idbuf; struct messaging_rec rec; - int64_t fds64[MIN(num_fds, INT8_MAX)]; + int64_t fds64[MAX(1, MIN(num_fds, INT8_MAX))]; size_t i; if (msg_len < MESSAGE_HDR_LENGTH) { @@ -1372,7 +1372,7 @@ static void messaging_dispatch_rec(struct messaging_context *msg_ctx, if (ev != msg_ctx->event_ctx) { struct iovec iov; - int fds[rec->num_fds]; + int fds[MAX(1, rec->num_fds)]; int ret; /* -- Samba Shared Repository
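
Review bot: In the messaging_rec_create() hunk (@@ -157), `fds64[MAX(1, num_fds)]` fixes the lower bound, but the visible lines still show no upper bound on num_fds before it sizes a stack array, unlike messaging_recv_cb(), which clamps with MIN(num_fds, INT8_MAX). If callers do not already guarantee a small num_fds, reject an oversized count before the declaration. A clamp alone would not be enough here, because the loop that follows (`for (i=0; i<num_fds; i++)`) runs to num_fds, so an early return is the safer shape. A comment stating which guarantee is relied on would help either way.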
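
Review bot: In the messaging_recv_cb() hunk (@@ -391), the array is sized by `MAX(1, MIN(num_fds, INT8_MAX))`, but the visible context does not show the code that fills fds64. Please confirm that it iterates to the same clamped count rather than to num_fds, since the array is shorter than num_fds whenever num_fds exceeds INT8_MAX. Computing the clamped count once into a local, then using it for the loop and (still under MAX(1, ...)) for the declaration, would make that evident at a glance.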
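
Review bot: In the messaging_dispatch_rec() hunk (@@ -1372), `int fds[MAX(1, rec->num_fds)]` leaves one uninitialized element when rec->num_fds is zero, so everything after it must keep using rec->num_fds as the count and never derive the length from the array itself (sizeof or ARRAY_SIZE). The same MAX(1, ...) idiom now appears in three places without explanation. A one-line comment at each site, or a small shared macro named for its purpose, would stop a later cleanup from removing it as redundant.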