pilot-link
Corrupt error handling in dlp_VFSDirEntryEnumerate in dlp.c
Because result is defined as unsigned, it will never be negative. So the code after if (result > 0) is always executed, even on a negative error result from dlp_exec (sd, req, &res). So result should be defined as signed int. Compare with the similar function dlp_VFSVolumeEnumerate().
Additionally, the else part of the later if (result) will never be reached, as result will always be non-zero at this branch.
int
dlp_VFSDirEntryEnumerate(int sd, FileRef dirRefNum,
    unsigned long *dirIterator, int *maxDirItems, struct VFSDirInfo *data)
{
    unsigned int result,
    [.....]
    result = dlp_exec (sd, req, &res);
    [.....]
    if (result > 0) {
        if (result) {
            *dirIterator = get_long (DLP_RESPONSE_DATA (res, 0, 0));
            entries = get_long (DLP_RESPONSE_DATA (res, 0, 4));
        } else {
            *dirIterator = vfsIteratorStop;
            entries = 0;
        }
    [.....]
A patch for fixing this. 0001-Fix-corrupt-error-handling-in-dlp_VFSDirEntryEnumerate.patch.zip
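The control flow described in this report, reduced to a stand-alone added example (not pilot-link code and not part of the attached patch). fake_exec(), the path enum and the sample return values are hypothetical stand-ins for dlp_exec() and the branches of the excerpt.

```c
#include <stdio.h>

enum path { PATH_SKIPPED, PATH_PARSE, PATH_STOP };

/* Hypothetical stand-in for dlp_exec(): negative value = error code,
 * otherwise the number of response bytes. */
static int fake_exec(int outcome) { return outcome; }

/* Control flow as reported: result is unsigned. */
static enum path flow_unsigned(int outcome)
{
    unsigned int result = fake_exec(outcome); /* -1 converts to UINT_MAX */
    if (result > 0) {
        if (result)
            return PATH_PARSE;  /* reads iterator and entry count */
        else
            return PATH_STOP;   /* unreachable: result > 0 implies nonzero */
    }
    return PATH_SKIPPED;
}

/* Same flow with result declared as a signed int. */
static enum path flow_signed(int outcome)
{
    int result = fake_exec(outcome);
    if (result > 0) {
        if (result)
            return PATH_PARSE;
        else
            return PATH_STOP;   /* still unreachable */
    }
    return PATH_SKIPPED;
}

int main(void)
{
    static const int outcomes[] = { -1, -301, 0, 8 }; /* constructed values */
    static const char *names[] = { "skipped", "parse", "stop" };
    for (size_t i = 0; i < sizeof outcomes / sizeof outcomes[0]; i++)
        printf("dlp_exec=%5d  unsigned:%-8s signed:%s\n", outcomes[i],
               names[flow_unsigned(outcomes[i])],
               names[flow_signed(outcomes[i])]);
    return 0;
}
```

Building with -Wsign-conversion (GCC or Clang) reports the int to unsigned int assignment in flow_unsigned(), which is one way to find the same pattern elsewhere in a code base.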