OSDN > Entwickler > samuel3 > Kammer > mingw-get > Commit

mingw-get
Fork

R/O
HTTP
SSH
HTTPS

Commit

Commit MetaInfo

Revision	9d0066d0131365c53752743edc67e4c8b4823c04 (tree)
Zeit	2013-01-08 22:01:22
Autor	Keith Marshall <keithmarshall@user...>
Commiter	Keith Marshall

Log Message

Avoid potential heap corruption in action scheduler.

Ändern Zusammenfassung

modified: ChangeLog (diff)
modified: src/guiexec.cpp (diff)
modified: src/pkgexec.cpp (diff)

Diff

--- a/ChangeLog

+++ b/ChangeLog

		@@ -1,3 +1,15 @@
	1	+2013-01-08 Keith Marshall <keithmarshall@users.sourceforge.net>
	2	+
	3	+ Avoid potential heap corruption in action scheduler.
	4	+
	5	+ * src/guiexec.cpp (pkgActionItem::Clear): Factor out; relocate to...
	6	+ * src/pkgexec.cpp (pkgActionItem::Clear): ...here; this keeps all use
	7	+ of new and delete operators on the same side of the EXE/DLL boundary
	8	+ as the constructor and destructor for pkgActionItem objects.
	9	+ (pkgActionItem::Schedule): Ensure that all min_wanted and max_wanted
	10	+ references are unique to each allocated pkgActionItem object, so that
	11	+ the destructor may safely release their associated heap memory blocks.
	12	+
1	13	2013-01-07 Keith Marshall <keithmarshall@users.sourceforge.net>
2	14
3	15	Update copyright notification for development in new year.

--- a/src/guiexec.cpp

+++ b/src/guiexec.cpp

		@@ -4,7 +4,7 @@
4	4	* $Id$
5	5	*
6	6	* Written by Keith Marshall <keithmarshall@users.sourceforge.net>
7		- * Copyright (C) 2012, MinGW.org Project
	7	+ * Copyright (C) 2012, 2013, MinGW.org Project
8	8	*
9	9	*
10	10	* Implementation of XML data loading services for the mingw-get GUI.

		@@ -440,54 +440,6 @@ inline unsigned long AppWindowMaker::EnumerateActions( int classified )
440	440	return pkgData->Schedule()->EnumeratePendingActions( classified );
441	441	}
442	442
443		-pkgActionItem
444		-pkgActionItem::Clear( pkgActionItem schedule, unsigned long mask )
445		-#define ACTION_PRESERVE_FAILED (ACTION_DOWNLOAD_FAILED \| ACTION_APPLY_FAILED)
446		-{
447		- /* Method to remove those action items which have no attribute flags in common
448		- * with the specified mask, from the schedule; return the residual schedule of
449		- * items, if any, which were not removed. (Note that specifying a mask with a
450		- * value of 0UL, which is the default, results in removal of all items).
451		- */
452		- pkgActionItem *residual = NULL;
453		-
454		- /* Starting at the specified item, or the invoking class object item
455		- * if no starting point is specified...
456		- */
457		- if( (schedule != NULL) \|\| ((schedule = this) != NULL) )
458		- {
459		- /* ...and provided this starting point is not NULL, walk back to
460		- * the first item in the associated task schedule...
461		- */
462		- while( schedule->prev != NULL ) schedule = schedule->prev;
463		- while( schedule != NULL )
464		- {
465		- /* ...then, processing each scheduled task item in sequence, and
466		- * keeping track of the next to be processed...
467		- */
468		- pkgActionItem *nextptr = schedule->next;
469		- if( (schedule->flags & mask) == 0 )
470		- /*
471		- * ...delete each which doesn't match any masked attribute...
472		- */
473		- delete schedule;
474		-
475		- else
476		- /* ...otherwise add it to the residual schedule.
477		- */
478		- residual = schedule;
479		-
480		- /* In either event, move on to the next item in sequence, if any.
481		- */
482		- schedule = nextptr;
483		- }
484		- }
485		- /* Ultimately, return a pointer to the last item added to the residual
486		- * schedule, or NULL if all items were deleted.
487		- */
488		- return residual;
489		-}
490		-
491	443	static int pkgActionCount( HWND dlg, int id, const char *fmt, int classified )
492	444	{
493	445	/* Helper function to itemise the currently scheduled actions

		@@ -609,6 +561,7 @@ int AppWindowMaker::Invoked( void )
609	561	}
610	562
611	563	long AppWindowMaker::OnCommand( WPARAM cmd )
	564	+#define ACTION_PRESERVE_FAILED (ACTION_DOWNLOAD_FAILED \| ACTION_APPLY_FAILED)
612	565	{
613	566	/* Handler for WM_COMMAND messages which are directed to the
614	567	* top level application window.

--- a/src/pkgexec.cpp

+++ b/src/pkgexec.cpp

		@@ -4,7 +4,7 @@
4	4	* $Id$
5	5	*
6	6	* Written by Keith Marshall <keithmarshall@users.sourceforge.net>
7		- * Copyright (C) 2009, 2010, 2011, 2012, MinGW.org Project
	7	+ * Copyright (C) 2009, 2010, 2011, 2012, 2013, MinGW.org Project
8	8	*
9	9	*
10	10	* Implementation of package management task scheduler and executive.

		@@ -302,7 +302,27 @@ pkgActionItem::Schedule( unsigned long action, pkgActionItem& item )
302	302	* action, in case it is required to complete the request.
303	303	*/
304	304	action \|= ACTION_DOWNLOAD;
305		- rtn->flags = action \| (rtn->flags & ~ACTION_MASK);
	305	+ rtn->flags = action \| (item.flags & ~ACTION_MASK);
	306	+
	307	+ /* The min_wanted and max_wanted properties, if defined, refer
	308	+ * to dynamically allocated memory blocks, (on the heap); these
	309	+ * must have only one action item owner; currently, the original
	310	+ * item and the copy we've just made are both effective owners,
	311	+ * and we want only the copy to retain this ownership, we must
	312	+ * detach them from the original item.
	313	+ */
	314	+ item.min_wanted = item.max_wanted = NULL;
	315	+
	316	+ /* Similarly, we must transfer any linkage into the schedule of
	317	+ * actions from the original item to the copy.
	318	+ */
	319	+ if( item.prev != NULL ) (item.prev)->next = rtn;
	320	+ if( item.next != NULL ) (item.next)->prev = rtn;
	321	+ item.prev = item.next = NULL;
	322	+
	323	+ /* Finally, we return the copy, leaving the ultimate disposal
	324	+ * of the original to the caller's discretion.
	325	+ */
306	326	return rtn;
307	327	}
308	328

		@@ -642,6 +662,52 @@ void pkgActionItem::Execute( bool with_download )
642	662	}
643	663	}
644	664
	665	+pkgActionItem pkgActionItem::Clear( pkgActionItem schedule, unsigned long mask )
	666	+{
	667	+ /* Method to remove those action items which have no attribute flags in common
	668	+ * with the specified mask, from the schedule; return the residual schedule of
	669	+ * items, if any, which were not removed. (Note that specifying a mask with a
	670	+ * value of 0UL, which is the default, results in removal of all items).
	671	+ */
	672	+ pkgActionItem *residual = NULL;
	673	+
	674	+ /* Starting at the specified item, or the invoking class object item
	675	+ * if no starting point is specified...
	676	+ */
	677	+ if( (schedule != NULL) \|\| ((schedule = this) != NULL) )
	678	+ {
	679	+ /* ...and provided this starting point is not NULL, walk back to
	680	+ * the first item in the associated task schedule...
	681	+ */
	682	+ while( schedule->prev != NULL ) schedule = schedule->prev;
	683	+ while( schedule != NULL )
	684	+ {
	685	+ /* ...then, processing each scheduled task item in sequence, and
	686	+ * keeping track of the next to be processed...
	687	+ */
	688	+ pkgActionItem *nextptr = schedule->next;
	689	+ if( (schedule->flags & mask) == 0 )
	690	+ /*
	691	+ * ...delete each which doesn't match any masked attribute...
	692	+ */
	693	+ delete schedule;
	694	+
	695	+ else
	696	+ /* ...otherwise add it to the residual schedule.
	697	+ */
	698	+ residual = schedule;
	699	+
	700	+ /* In either event, move on to the next item in sequence, if any.
	701	+ */
	702	+ schedule = nextptr;
	703	+ }
	704	+ }
	705	+ /* Ultimately, return a pointer to the last item added to the residual
	706	+ * schedule, or NULL if all items were deleted.
	707	+ */
	708	+ return residual;
	709	+}
	710	+
645	711	pkgActionItem::~pkgActionItem()
646	712	{
647	713	/* Destructor...

mingw-get Fork