diff options
Diffstat (limited to 'lib/ic')
-rw-r--r-- | lib/ic/c_src/oe_ei_decode_wstring.c | 10 | ||||
-rw-r--r-- | lib/ic/c_src/oe_ei_encode_atom.c | 2 | ||||
-rw-r--r-- | lib/ic/doc/src/notes.xml | 40 | ||||
-rw-r--r-- | lib/ic/include/ic.h | 12 | ||||
-rw-r--r-- | lib/ic/test/c_client_erl_server_SUITE_data/c_client.c | 1 | ||||
-rw-r--r-- | lib/ic/test/c_client_erl_server_proto_SUITE_data/c_client.c | 1 | ||||
-rw-r--r-- | lib/ic/test/c_client_erl_server_proto_tmo_SUITE_data/c_client.c | 1 | ||||
-rw-r--r-- | lib/ic/test/erl_client_c_server_SUITE_data/c_server.c | 1 | ||||
-rw-r--r-- | lib/ic/test/erl_client_c_server_proto_SUITE_data/c_server.c | 1 | ||||
-rw-r--r-- | lib/ic/vsn.mk | 2 |
10 files changed, 58 insertions, 13 deletions
diff --git a/lib/ic/c_src/oe_ei_decode_wstring.c b/lib/ic/c_src/oe_ei_decode_wstring.c index 5b676fd579..d2a8270291 100644 --- a/lib/ic/c_src/oe_ei_decode_wstring.c +++ b/lib/ic/c_src/oe_ei_decode_wstring.c @@ -76,10 +76,12 @@ int oe_ei_decode_wstring(const char *buf, int *index, CORBA_wchar *p) { if (p) { /* Decoding part */ /* Allocate temporary string */ - tmp_space = (char*) malloc(length*(__OE_WCHARSZ__+1)); + tmp_space = (char*) malloc((length + 1)*sizeof(char)); - if ((error_code = ei_decode_string(buf, index, tmp_space)) < 0) - return error_code; + if ((error_code = ei_decode_string(buf, index, tmp_space)) < 0) { + free(tmp_space); + return error_code; + } /* Assign characters to wide characters */ for(tmp = 0; tmp < length; tmp++) @@ -88,7 +90,7 @@ int oe_ei_decode_wstring(const char *buf, int *index, CORBA_wchar *p) { p[tmp] = 0; /* Wide NULL */ /* Free temporary string */ - CORBA_free(tmp_space); + free(tmp_space); } else { /* Allocation counting part */ diff --git a/lib/ic/c_src/oe_ei_encode_atom.c b/lib/ic/c_src/oe_ei_encode_atom.c index 99a9fe26f0..9d2c1d5aa3 100644 --- a/lib/ic/c_src/oe_ei_encode_atom.c +++ b/lib/ic/c_src/oe_ei_encode_atom.c @@ -30,7 +30,7 @@ int oe_ei_encode_atom(CORBA_Environment *ev, const char *p) { int size = ev->_iout; size_t len = strlen(p); - if (DIRTY_ATOM_ENC_MAX(len) >= ev->_outbufsz) { + if (size + DIRTY_ATOM_ENC_MAX(len) >= ev->_outbufsz) { ei_encode_atom_len(0,&size,p,len); diff --git a/lib/ic/doc/src/notes.xml b/lib/ic/doc/src/notes.xml index 38cc77ca98..217f7ab740 100644 --- a/lib/ic/doc/src/notes.xml +++ b/lib/ic/doc/src/notes.xml @@ -31,7 +31,45 @@ <file>notes.xml</file> </header> - <section><title>IC 4.4.4</title> + <section><title>IC 4.4.4.2</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Fixed potential buffer overflow bugs in + oe_ei_encode_long/ulong/longlong/ulonglong functions on + 64-bit architectures. These functions expect 32 bit + integers as the IDL type "long" is defined as 32 bits. + But there is nothing preventing user code from "breaking" + the interface and pass larger values on 64-bit + architectures where the C type "long" is 64 bits.</p> + <p> + Own Id: OTP-15179 Aux Id: ERIERL-208 </p> + </item> + </list> + </section> + +</section> + +<section><title>IC 4.4.4.1</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Fixed bug in <c>ic</c> causing potential buffer overrun + in funtion <c>oe_ei_encode_atom</c>. Bug exists since + ic-4.4.4 (OTP-20.3.4).</p> + <p> + Own Id: OTP-15160 Aux Id: ERIERL-191 </p> + </item> + </list> + </section> + +</section> + +<section><title>IC 4.4.4</title> <section><title>Fixed Bugs and Malfunctions</title> <list> diff --git a/lib/ic/include/ic.h b/lib/ic/include/ic.h index 3dc5dbd4b5..1eb9e1e9d9 100644 --- a/lib/ic/include/ic.h +++ b/lib/ic/include/ic.h @@ -251,13 +251,13 @@ extern "C" { #define __OE_MEMCHUNK__ 1024 #define __OE_VSNSZ__ 1 -#define __OE_LONGSZ__ 7 -#define __OE_LONGLONGSZ__ 7 -#define __OE_ULONGSZ__ 7 -#define __OE_ULONGLONGSZ__ 7 -#define __OE_DOUBLESZ__ 32 +#define __OE_LONGSZ__ (3+sizeof(long)) +#define __OE_LONGLONGSZ__ (3+sizeof(long)) +#define __OE_ULONGSZ__ (3+sizeof(long)) +#define __OE_ULONGLONGSZ__ (3+sizeof(long)) +#define __OE_DOUBLESZ__ 9 #define __OE_CHARSZ__ 2 -#define __OE_WCHARSZ__ 7 +#define __OE_WCHARSZ__ (3+sizeof(CORBA_wchar)) #define __OE_TUPLEHDRSZ__ 5 #define __OE_LISTHDRSZ__ 5 diff --git a/lib/ic/test/c_client_erl_server_SUITE_data/c_client.c b/lib/ic/test/c_client_erl_server_SUITE_data/c_client.c index 446b46ad82..098d9cb11b 100644 --- a/lib/ic/test/c_client_erl_server_SUITE_data/c_client.c +++ b/lib/ic/test/c_client_erl_server_SUITE_data/c_client.c @@ -389,6 +389,7 @@ int main(int argc, char **argv) strcpy(env->_regname, peer_process_name); env->_to_pid = NULL; env->_from_pid = &pid; + env->_memchunk = 32; strcpy(pid.node, this_node); pid.num = fd; diff --git a/lib/ic/test/c_client_erl_server_proto_SUITE_data/c_client.c b/lib/ic/test/c_client_erl_server_proto_SUITE_data/c_client.c index d6a78d2481..146cee66a1 100644 --- a/lib/ic/test/c_client_erl_server_proto_SUITE_data/c_client.c +++ b/lib/ic/test/c_client_erl_server_proto_SUITE_data/c_client.c @@ -392,6 +392,7 @@ int main(int argc, char **argv) strcpy(env->_regname, peer_process_name); env->_to_pid = NULL; env->_from_pid = &pid; + env->_memchunk = 32; strcpy(pid.node, this_node); pid.num = fd; diff --git a/lib/ic/test/c_client_erl_server_proto_tmo_SUITE_data/c_client.c b/lib/ic/test/c_client_erl_server_proto_tmo_SUITE_data/c_client.c index 17ef21f4f4..9658825fda 100644 --- a/lib/ic/test/c_client_erl_server_proto_tmo_SUITE_data/c_client.c +++ b/lib/ic/test/c_client_erl_server_proto_tmo_SUITE_data/c_client.c @@ -392,6 +392,7 @@ int main(int argc, char **argv) strcpy(env->_regname, peer_process_name); env->_to_pid = NULL; env->_from_pid = &pid; + env->_memchunk = 32; strcpy(pid.node, this_node); pid.num = fd; diff --git a/lib/ic/test/erl_client_c_server_SUITE_data/c_server.c b/lib/ic/test/erl_client_c_server_SUITE_data/c_server.c index f48480e8dc..32890af794 100644 --- a/lib/ic/test/erl_client_c_server_SUITE_data/c_server.c +++ b/lib/ic/test/erl_client_c_server_SUITE_data/c_server.c @@ -187,6 +187,7 @@ int main(int argc, char **argv) } env = CORBA_Environment_alloc(INBUFSZ, OUTBUFSZ); env->_fd = fd; + env->_memchunk = 32; status = 1; loop = 1; diff --git a/lib/ic/test/erl_client_c_server_proto_SUITE_data/c_server.c b/lib/ic/test/erl_client_c_server_proto_SUITE_data/c_server.c index e2ba5bd5b6..d283bf22da 100644 --- a/lib/ic/test/erl_client_c_server_proto_SUITE_data/c_server.c +++ b/lib/ic/test/erl_client_c_server_proto_SUITE_data/c_server.c @@ -187,6 +187,7 @@ int main(int argc, char **argv) } env = CORBA_Environment_alloc(INBUFSZ, OUTBUFSZ); env->_fd = fd; + env->_memchunk = 32; status = 1; loop = 1; diff --git a/lib/ic/vsn.mk b/lib/ic/vsn.mk index d35d1dce1e..8ef497ee92 100644 --- a/lib/ic/vsn.mk +++ b/lib/ic/vsn.mk @@ -1 +1 @@ -IC_VSN = 4.4.4 +IC_VSN = 4.4.4.2 |