author | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2011-02-16 17:44:48 +0000 |
---|---|---|
committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2011-03-04 12:39:59 +0000 |
commit | b1d29497d6076c40fed8e151c0b2226e4f86ef62 (patch) | |
tree | 04cbb0930652e5d4ab249447fc032255228d192c /dbus/dbus-message.c | |
parent | f1ba52066cadb90edb192ea93d55ba775bdb73d7 (diff) | |
dbus_message_iter_append_basic: check string-like arguments for validity
Strings: UTF-8 with no embedded NULs, by adding a new internal function,
_dbus_check_is_valid_utf8
Object paths, signatures: the obvious syntactic checks
This moves some of the burden of validation to the sender.
When sending <http://www.cl.cam.ac.uk/~mgk25/ucs/examples/UTF-8-demo.txt>
10240 times with up to 1024 parallel calls pending, on a single-core ARM
Linux device, I found that user CPU time in dbus-spam increased by up to 80%
as a result of the validation. However, when sending messages to dbus-daemon,
overall throughput only reduced by 15%, and when sending messages to an echo
service, overall throughput actually improved by around 14% (presumably
because making the sender CPU-bound influenced kernel scheduling).
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=16338
Bug-NB: NB#223152
Reviewed-by: Cosimo Alfarano <cosimo.alfarano@collabora.co.uk>
Diffstat (limited to 'dbus/dbus-message.c')
-rw-r--r-- | dbus/dbus-message.c | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/dbus/dbus-message.c b/dbus/dbus-message.c
index 442ec2ae..c6b52f55 100644
--- a/dbus/dbus-message.c
+++ b/dbus/dbus-message.c
@@ -2515,6 +2515,37 @@ dbus_message_iter_append_basic (DBusMessageIter *iter,
 _dbus_return_val_if_fail (dbus_type_is_basic (type), FALSE);
 _dbus_return_val_if_fail (value != NULL, FALSE);
 
+#ifndef DBUS_DISABLE_CHECKS
+ switch (type)
+ {
+ const char * const *string_p;
+
+ case DBUS_TYPE_STRING:
+ string_p = value;
+ _dbus_return_val_if_fail (_dbus_check_is_valid_utf8 (*string_p), FALSE);
+ break;
+
+ case DBUS_TYPE_OBJECT_PATH:
+ string_p = value;
+ _dbus_return_val_if_fail (_dbus_check_is_valid_path (*string_p), FALSE);
+ break;
+
+ case DBUS_TYPE_SIGNATURE:
+ string_p = value;
+ _dbus_return_val_if_fail (_dbus_check_is_valid_signature (*string_p), FALSE);
+ break;
+
+ case DBUS_TYPE_BOOLEAN:
+ /* FIXME: strictly speaking we should ensure that it's in {0,1},
+ * but for now, fall through */
+
+ default:
+ {
+ /* nothing to check, all possible values are allowed */
+ }
+ }
+#endif
+
 if (!_dbus_message_iter_open_signature (real))
 return FALSE;
 |
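Review bot: In the three string-like cases `*string_p` is handed straight to the validator, but only `value != NULL` is checked above, so a caller whose pointer-to-string holds NULL reaches `_dbus_check_is_valid_utf8`, `_dbus_check_is_valid_path` or `_dbus_check_is_valid_signature` with a NULL argument. Those helpers are not shown in this hunk, so unless they are known to tolerate NULL I would add `_dbus_return_val_if_fail (*string_p != NULL, FALSE);` ahead of each check. The whole switch also disappears when `DBUS_DISABLE_CHECKS` is defined, so it catches caller bugs but is not a validation boundary; a comment above the `#ifndef` such as `/* API-misuse checks only: compiled out with DBUS_DISABLE_CHECKS, receivers must still validate */` would keep later readers from treating it as one. The `DBUS_TYPE_BOOLEAN` case still falls through unchecked per its FIXME, so values other than 0 and 1 continue to be marshalled. The body of `dbus_message_iter_append_basic` starts before and continues after this hunk.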