From c3b1e4daa5b0ed5729f0f12bc6a3ba50a391f7f6 Mon Sep 17 00:00:00 2001
From: hongjinghao
Date: Thu, 4 Jan 2024 15:15:53 +0800
Subject: [PATCH] Do not crash when reloading configuration with > 128 dirs

When `dbus-daemon` sets more than 128 directories for `XDG_DATA_DIRS`, none of the elements in `new_dirs` will be `NULL`, which resulted in these loops reading out-of-bounds (undefined behaviour). In practice this led to a crash. To avoid this, make sure to stop iteration at the end of the array.
[smcv: Expanded commit message]
Resolves: dbus/dbus#481
---
 bus/dir-watch-inotify.c | 4 ++--
 bus/dir-watch-kqueue.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/bus/dir-watch-inotify.c b/bus/dir-watch-inotify.c
index 77b2d5a92..4f269777f 100644
--- a/bus/dir-watch-inotify.c
+++ b/bus/dir-watch-inotify.c
@@ -131,7 +131,7 @@ _set_watched_dirs_internal (BusContext *context,
 /* Look for directories in both the old and new sets, if
 * we find one, move its data into the new set.
 */
- for (i = 0; new_dirs[i]; i++)
+ for (i = 0; i < MAX_DIRS_TO_WATCH && new_dirs[i]; i++)
 {
 for (j = 0; j < num_wds; j++)
 {
@@ -160,7 +160,7 @@ _set_watched_dirs_internal (BusContext *context,
 }
 }
- for (i = 0; new_dirs[i]; i++)
+ for (i = 0; i < MAX_DIRS_TO_WATCH && new_dirs[i]; i++)
 {
 if (new_wds[i] == -1)
 {
diff --git a/bus/dir-watch-kqueue.c b/bus/dir-watch-kqueue.c
index b419606e3..07b505c99 100644
--- a/bus/dir-watch-kqueue.c
+++ b/bus/dir-watch-kqueue.c
@@ -235,7 +235,7 @@ bus_set_watched_dirs (BusContext *context, DBusList **directories)
 /* Look for directories in both the old and new sets, if
 * we find one, move its data into the new set.
 */
- for (i = 0; new_dirs[i]; i++)
+ for (i = 0; i < MAX_DIRS_TO_WATCH && new_dirs[i]; i++)
 {
 for (j = 0; j < num_fds; j++)
 {
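Review bot: Bounding the loop at each use leaves the underlying invariant unstated: `new_dirs` is only NULL-terminated when fewer than `MAX_DIRS_TO_WATCH` slots are in use, so any other loop written as `for (i = 0; new_dirs[i]; i++)` would bring back the same out-of-bounds read. This applies to both loops in `_set_watched_dirs_internal` and to the two matching loops in `bus_set_watched_dirs` in bus/dir-watch-kqueue.c. I would add a comment above the first loop in each function, for example `/* new_dirs has no NULL terminator when all MAX_DIRS_TO_WATCH slots are used */`. Alternatively, the code that fills the array could record the number of entries so the loops test that count instead of a sentinel; that code is outside these hunks, so this is a suggestion to check rather than a confirmed gap. Both function bodies start and end outside the hunks shown.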
@@ -264,7 +264,7 @@ bus_set_watched_dirs (BusContext *context, DBusList **directories)
 }
 }
- for (i = 0; new_dirs[i]; i++)
+ for (i = 0; i < MAX_DIRS_TO_WATCH && new_dirs[i]; i++)
 {
 if (new_fds[i] == -1)
 {
-- GitLab
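Review bot: Directories beyond the first `MAX_DIRS_TO_WATCH` are never reached by this loop, and nothing in the visible hunks reports that they were left out. With more than 128 entries (the figure given in the commit message), changes in the remaining directories would presumably not trigger a reload, which is hard to diagnose after the fact. If the code that fills `new_dirs` (outside the hunk) does not already log the truncation, a one-line warning there would make the limit visible to an administrator. The patch also adds no regression test; one that reloads the configuration with more than `MAX_DIRS_TO_WATCH` directories would guard both the inotify and kqueue backends against this crash returning.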