pidl:NDR/Parser: protect for loops against $length being an expression instead of...
authorStefan Metzmacher <metze@samba.org>
Thu, 11 Jun 2015 06:54:11 +0000 (08:54 +0200)
committerStefan Metzmacher <metze@samba.org>
Fri, 12 Jun 2015 15:08:19 +0000 (17:08 +0200)
This changes

for (value_cntr_1 = 0; value_cntr_1 < r->out.length?*r->out.length:0; value_cntr_1++) {

into:

for (value_cntr_1 = 0; value_cntr_1 < (r->out.length?*r->out.length:0); value_cntr_1++) {

it fixes a possible endless loop resulting in a crash.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm

index 3deab2ec953435d8d47fdb49230ecb78e5e2ef11..fe5f3900cee49159cf19229301a0916cfedb3380 100644 (file)
@@ -670,7 +670,7 @@ sub ParseElementPushLevel
                $var_name = get_array_element($var_name, $counter);
 
                if ((($primitives and not $l->{IS_DEFERRED}) or ($deferred and $l->{IS_DEFERRED})) and not $array_pointless) {
-                       $self->pidl("for ($counter = 0; $counter < $length; $counter++) {");
+                       $self->pidl("for ($counter = 0; $counter < ($length); $counter++) {");
                        $self->indent;
                        $self->ParseElementPushLevel($e, GetNextLevel($e, $l), $ndr, $var_name, $env, 1, 0);
                        $self->deindent;
@@ -678,7 +678,7 @@ sub ParseElementPushLevel
                }
 
                if ($deferred and ContainsDeferred($e, $l) and not $array_pointless) {
-                       $self->pidl("for ($counter = 0; $counter < $length; $counter++) {");
+                       $self->pidl("for ($counter = 0; $counter < ($length); $counter++) {");
                        $self->indent;
                        $self->ParseElementPushLevel($e, GetNextLevel($e, $l), $ndr, $var_name, $env, 0, 1);
                        $self->deindent;
@@ -875,7 +875,7 @@ sub ParseElementPrint($$$$$)
 
                                $self->pidl("$ndr->print($ndr, \"\%s: ARRAY(\%d)\", \"$e->{NAME}\", (int)$length);");
                                $self->pidl("$ndr->depth++;");
-                               $self->pidl("for ($counter=0;$counter<$length;$counter++) {");
+                               $self->pidl("for ($counter = 0; $counter < ($length); $counter++) {");
                                $self->indent;
 
                                $var_name = get_array_element($var_name, $counter);
@@ -1203,7 +1203,7 @@ sub ParseElementPullLevel
                                $self->CheckStringTerminator($ndr,$e,$l,$length);
                        }
 
-                       $self->pidl("for ($counter = 0; $counter < $length; $counter++) {");
+                       $self->pidl("for ($counter = 0; $counter < ($length); $counter++) {");
                        $self->indent;
                        $self->ParseElementPullLevel($e, $nl, $ndr, $var_name, $env, 1, 0);
                        $self->deindent;
@@ -1211,7 +1211,7 @@ sub ParseElementPullLevel
                }
 
                if ($deferred and ContainsDeferred($e, $l)) {
-                       $self->pidl("for ($counter = 0; $counter < $length; $counter++) {");
+                       $self->pidl("for ($counter = 0; $counter < ($length); $counter++) {");
                        $self->indent;
                        $self->ParseElementPullLevel($e,GetNextLevel($e,$l), $ndr, $var_name, $env, 0, 1);
                        $self->deindent;