gnokii-commit

[SCM] libgnokii and core programs branch, master, updated. rel_0_6_29-50


From: Daniele Forsi
Subject: [SCM] libgnokii and core programs branch, master, updated. rel_0_6_29-500-gd95ad97
Date: Sat, 27 Apr 2013 21:30:30 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "libgnokii and core programs".

The branch, master has been updated
       via  d95ad97808e94e29041cd1a640f8100f131e7ec2 (commit)
      from  29b41bd32d09bd73c9050dfea3fad48d5eb73383 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/gnokii.git/commit/?id=d95ad97808e94e29041cd1a640f8100f131e7ec2


commit d95ad97808e94e29041cd1a640f8100f131e7ec2
Author: Daniele Forsi <address@hidden>
Date:   Sat Apr 27 22:59:02 2013 +0200

    Fix off-by-ones causing "Use of uninitialised value"
    
    Remove bogus string terminators that overwrite the first byte of UCS2
    chars (eg. if text starts at string+5 terminator would be at string+5+j+1);
    char_unicode_encode() doesn't add the string terminator; it is added by PackBlock().
    Tested with testsuite/vcard/vcard-minimal-ascii.vcf and
    echo "Foo;+1234;SM;100;0;11;0;2;+1234" | libtool --mode=execute valgrind --track-origins=yes gnokii/gnokii --phone 7110 --writephonebook -o
    
    Fixes:
    Writing phonebook entry Foo...
    Message sent: 0x03 / 0x003d
    00 01 00 0b 00 01 01 00 00 0c 00 06 00 64 00 00 |              d
    00 03 07 00 00 0d 01 07 00 46 00 6f 00 6f 00 1e |          F o o
    00 00 08 02 01 00 00 0b 00 00 16 03 00 00 00 00 |
    0a 00 2b 00 31 00 32 00 33 00 34 ==29985== Use of uninitialised value of size 4
    ==29985==    at 0x44020D8: _itoa_word (_itoa.c:196)
    ==29985==    by 0x440598B: vfprintf (vfprintf.c:1622)
    ==29985==    by 0x4407BB1: buffered_vfprintf (vfprintf.c:2289)
    ==29985==    by 0x4402DC2: vfprintf (vfprintf.c:1309)
    ==29985==    by 0x807DF87: log_printf.part.0 (misc.c:369)
    ==29985==    by 0x43E2F73: __gconv_release_cache (gconv_cache.c:460)
    ==29985==  Uninitialised value was created by a stack allocation
    ==29985==    at 0x80A7AB9: NK7110_WritePhonebookLocation (nk7110.c:857)
    ==29985==
    ==29985== Conditional jump or move depends on uninitialised value(s)
    ==29985==    at 0x44020E3: _itoa_word (_itoa.c:196)
    ==29985==    by 0x440598B: vfprintf (vfprintf.c:1622)
    ==29985==    by 0x4407BB1: buffered_vfprintf (vfprintf.c:2289)
    ==29985==    by 0x4402DC2: vfprintf (vfprintf.c:1309)
    ==29985==    by 0x807DF87: log_printf.part.0 (misc.c:369)
    ==29985==    by 0x43E2F73: __gconv_release_cache (gconv_cache.c:460)
    ==29985==  Uninitialised value was created by a stack allocation
    ==29985==    at 0x80A7AB9: NK7110_WritePhonebookLocation (nk7110.c:857)
    ==29985==
    00 ==29985== Use of uninitialised value of size 4
    ==29985==    at 0x80614FF: sm_message_dump (gsm-statemachine.c:389)
    ==29985==    by 0x806160A: sm_message_send (gsm-statemachine.c:41)
    ==29985==    by 0x80A7E10: NK7110_WritePhonebookLocation (nk7110.c:939)
    ==29985==    by 0x100FF: ???
    ==29985==  Uninitialised value was created by a stack allocation
    ==29985==    at 0x80A7AB9: NK7110_WritePhonebookLocation (nk7110.c:857)
    ==29985==
    00          |   + 1 2 3 4
    ==29985== Syscall param write(buf) points to uninitialised byte(s)
    ==29985==    at 0x41CB293: __write_nocancel (syscall-template.S:82)
    ==29985==    by 0x80B8F56: serial_write (unixserial.c:367)
    ==29985==    by 0x80B4559: device_write (device.c:261)
    ==29985==    by 0x1003EFF: ???
    ==29985==  Address 0xbea18b3c is on thread 1's stack
    ==29985==  Uninitialised value was created by a stack allocation
    ==29985==    at 0x80A7AB9: NK7110_WritePhonebookLocation (nk7110.c:857)
    ==29985==

diff --git a/common/phones/nk7110.c b/common/phones/nk7110.c
index be84e1a..d1ba7c8 100644
--- a/common/phones/nk7110.c
+++ b/common/phones/nk7110.c
@@ -877,9 +877,8 @@ static gn_error NK7110_WritePhonebookLocation(gn_data 
*data, struct gn_statemach
                /* Name */
                i = strlen(entry->name);
                i = char_unicode_encode((string + 1), entry->name, i);
-               /* Length of the string + length field + terminating 0 */
-               string[0] = i + 2;
-               count += PackBlock(0x07, i + 2, block++, string, req + count);
+               string[0] = i;
+               count += PackBlock(0x07, i + 1, block++, string, req + count);
                /* Group */
                string[0] = entry->caller_group + 1;
                string[1] = 0;
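
Review bot: the new `string[0] = i;` changes the length byte sent to the phone from i + 2 to i, which is a wire-format change the commit message does not mention; it only talks about removing terminators, and this hunk removed none. Please replace the deleted "Length of the string + length field + terminating 0" comment with one that says what the byte now counts and that PackBlock() is relied on for the terminator, since `i + 1` is only checkable with that knowledge.
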
@@ -892,9 +891,8 @@ static gn_error NK7110_WritePhonebookLocation(gn_data 
*data, struct gn_statemach
                        string[1] = string[2] = string[3] = 0;
                        j = strlen(entry->number);
                        j = char_unicode_encode((string + 5), entry->number, j);
-                       string[j + 1] = 0;
                        string[4] = j;
-                       count += PackBlock(0x0b, j + 6, block++, string, req + 
count);
+                       count += PackBlock(0x0b, j + 5, block++, string, req + 
count);
                } else {
                        /* Default Number */
                        defaultn = 999;
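
Review bot: `j + 5` in the PackBlock() call is an unexplained magic number, and nothing in these lines bounds j before it is stored in `string[4]` and used as a size. A short comment (5 bytes of header ending in the length byte at string[4], then j bytes of encoded text, terminator supplied by PackBlock()) would make the arithmetic checkable, and a check that the encoded number fits in string belongs next to the char_unicode_encode() call.
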
@@ -907,9 +905,8 @@ static gn_error NK7110_WritePhonebookLocation(gn_data 
*data, struct gn_statemach
                                string[1] = string[2] = string[3] = 0;
                                j = 
strlen(entry->subentries[defaultn].data.number);
                                j = char_unicode_encode((string + 5), 
entry->subentries[defaultn].data.number, j);
-                               string[j + 1] = 0;
                                string[4] = j;
-                               count += PackBlock(0x0b, j + 6, block++, 
string, req + count);
+                               count += PackBlock(0x0b, j + 5, block++, 
string, req + count);
                        }
                        /* Rest of the numbers */
                        for (i = 0; i < entry->subentries_count; i++)
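
Review bot: the encode / `string[4] = j` / `PackBlock(0x0b, j + 5, ...)` sequence here duplicates the one in the previous hunk, and a third copy sits in the subentries loop below. Please factor it into one helper so the size arithmetic lives in a single place and the copies cannot drift apart.
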
@@ -919,14 +916,12 @@ static gn_error NK7110_WritePhonebookLocation(gn_data 
*data, struct gn_statemach
                                                string[1] = string[2] = 
string[3] = 0;
                                                j = 
strlen(entry->subentries[i].data.number);
                                                j = char_unicode_encode((string 
+ 5), entry->subentries[i].data.number, j);
-                                               string[j + 1] = 0;
                                                string[4] = j;
                                                count += PackBlock(0x0b, j + 6, 
block++, string, req + count);
                                        }
                                } else {
                                        j = 
strlen(entry->subentries[i].data.number);
                                        j = char_unicode_encode((string + 1), 
entry->subentries[i].data.number, j);
-                                       string[j + 1] = 0;
                                        string[0] = j;
                                        count += 
PackBlock(entry->subentries[i].entry_type, j + 2, block++, string, req + count);
                                }
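
Review bot: both PackBlock() calls in this hunk keep their old size arguments, so they now disagree with the rest of the patch. In the first branch `PackBlock(0x0b, j + 6, ...)` is left as unchanged context while the identical calls in the two previous hunks became `j + 5`. In the else branch the deleted `string[j + 1] = 0;` wrote the byte right after the text (the text starts at string + 1), and the call still passes `j + 2`, so if that argument is the number of bytes taken from string, as the other hunks imply, string[j + 1] is now read without ever being written. Suggest `j + 5` and `j + 1` respectively, matching the first hunk's `i + 1`.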

-----------------------------------------------------------------------

Summary of changes:
 common/phones/nk7110.c |   13 ++++---------
 1 files changed, 4 insertions(+), 9 deletions(-)


hooks/post-receive
-- 
libgnokii and core programs


