diff options
| author | Stefan Metzmacher <metze@samba.org> | 2015-06-11 08:54:11 +0200 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2015-06-12 17:08:19 +0200 |
| commit | 3c97bfe9de538d9f551f2c3d77ee3ab820a39b4a (patch) | |
| tree | d3bf34698a08b035e1f14709f4f2ea9b8e603854 | |
| parent | 781cc3d50f18e69bad5faf67ee46f7b1fd28cf2a (diff) | |
| download | samba-3c97bfe9de538d9f551f2c3d77ee3ab820a39b4a.tar.gz | |
pidl:NDR/Parser: protect for loops against $length being an expression instead of a scalar variable
This changes
for (value_cntr_1 = 0; value_cntr_1 < r->out.length?*r->out.length:0; value_cntr_1++) {
into:
for (value_cntr_1 = 0; value_cntr_1 < (r->out.length?*r->out.length:0); value_cntr_1++) {
it fixes a possible endless loop resulting in a crash.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
| -rw-r--r-- | pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index 3deab2ec953..fe5f3900cee 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -670,7 +670,7 @@ sub ParseElementPushLevel $var_name = get_array_element($var_name, $counter); if ((($primitives and not $l->{IS_DEFERRED}) or ($deferred and $l->{IS_DEFERRED})) and not $array_pointless) { - $self->pidl("for ($counter = 0; $counter < $length; $counter++) {"); + $self->pidl("for ($counter = 0; $counter < ($length); $counter++) {"); $self->indent; $self->ParseElementPushLevel($e, GetNextLevel($e, $l), $ndr, $var_name, $env, 1, 0); $self->deindent; @@ -678,7 +678,7 @@ sub ParseElementPushLevel } if ($deferred and ContainsDeferred($e, $l) and not $array_pointless) { - $self->pidl("for ($counter = 0; $counter < $length; $counter++) {"); + $self->pidl("for ($counter = 0; $counter < ($length); $counter++) {"); $self->indent; $self->ParseElementPushLevel($e, GetNextLevel($e, $l), $ndr, $var_name, $env, 0, 1); $self->deindent; @@ -875,7 +875,7 @@ sub ParseElementPrint($$$$$) $self->pidl("$ndr->print($ndr, \"\%s: ARRAY(\%d)\", \"$e->{NAME}\", (int)$length);"); $self->pidl("$ndr->depth++;"); - $self->pidl("for ($counter=0;$counter<$length;$counter++) {"); + $self->pidl("for ($counter = 0; $counter < ($length); $counter++) {"); $self->indent; $var_name = get_array_element($var_name, $counter); @@ -1203,7 +1203,7 @@ sub ParseElementPullLevel $self->CheckStringTerminator($ndr,$e,$l,$length); } - $self->pidl("for ($counter = 0; $counter < $length; $counter++) {"); + $self->pidl("for ($counter = 0; $counter < ($length); $counter++) {"); $self->indent; $self->ParseElementPullLevel($e, $nl, $ndr, $var_name, $env, 1, 0); $self->deindent; @@ -1211,7 +1211,7 @@ sub ParseElementPullLevel } if ($deferred and ContainsDeferred($e, $l)) { - $self->pidl("for ($counter = 0; $counter < $length; $counter++) {"); + $self->pidl("for ($counter = 0; $counter < ($length); $counter++) {"); $self->indent; $self->ParseElementPullLevel($e,GetNextLevel($e,$l), $ndr, $var_name, $env, 0, 1); $self->deindent; |