teknoraver / rpms / systemd

Forked from rpms/systemd 2 months ago
Clone

Blame SOURCES/0750-sd-bus-switch-to-a-manual-overflow-check-in-sd_bus_t.patch

15abaf
From 78b5b6dbd0bb4e5644e798748d186cca88fc523d Mon Sep 17 00:00:00 2001
15abaf
From: Lennart Poettering <lennart@poettering.net>
15abaf
Date: Wed, 20 Apr 2022 22:30:22 +0200
15abaf
Subject: [PATCH] sd-bus: switch to a manual overflow check in
15abaf
 sd_bus_track_add_name()
15abaf
15abaf
This is generally used in a directly client controllable way, hence we
15abaf
should handle ref count overflow gracefully, instead of hitting an
15abaf
assert().
15abaf
15abaf
As discussed:
15abaf
15abaf
https://github.com/systemd/systemd/pull/23099#discussion_r854341850
15abaf
(cherry picked from commit 7f40cb7c86b0fff3a82096a9499570bad9c19fd2)
15abaf
15abaf
[msekleta: We've never switched to using track_item_ref/unref introduced
15abaf
in c2d7dd35d2 hence we still had potential undefined behavior related to
15abaf
overflow check and this commit fixes that.]
15abaf
15abaf
Related: #2084052
15abaf
---
15abaf
 src/libsystemd/sd-bus/bus-track.c | 10 +++++++---
15abaf
 1 file changed, 7 insertions(+), 3 deletions(-)
15abaf
15abaf
diff --git a/src/libsystemd/sd-bus/bus-track.c b/src/libsystemd/sd-bus/bus-track.c
15abaf
index 8893f190a1..b818e93bec 100644
15abaf
--- a/src/libsystemd/sd-bus/bus-track.c
15abaf
+++ b/src/libsystemd/sd-bus/bus-track.c
15abaf
@@ -208,12 +208,16 @@ _public_ int sd_bus_track_add_name(sd_bus_track *track, const char *name) {
15abaf
         i = hashmap_get(track->names, name);
15abaf
         if (i) {
15abaf
                 if (track->recursive) {
15abaf
-                        unsigned k = i->n_ref + 1;
15abaf
+                        assert(i->n_ref > 0);
15abaf
 
15abaf
-                        if (k < i->n_ref) /* Check for overflow */
15abaf
+                        /* Manual oveflow check (instead of a DEFINE_TRIVIAL_REF_FUNC() helper or so), so
15abaf
+                         * that we can return a proper error, given this is almost always called in a
15abaf
+                         * directly client controllable way, and thus better should never hit an assertion
15abaf
+                         * here. */
15abaf
+                        if (i->n_ref >= UINT_MAX)
15abaf
                                 return -EOVERFLOW;
15abaf
 
15abaf
-                        i->n_ref = k;
15abaf
+                        i->n_ref++;
15abaf
                 }
15abaf
 
15abaf
                 bus_track_remove_from_queue(track);