ObjFW  Check-in [43a93d8a16]

Overview
Comment:OFCountedSet: Improve deserialization

This turns wrong values due to integer overflows or underflows into errors.

Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 43a93d8a16434de28dc003455ae211347f6e9b3049466d6038ac38f30978aae5
User & Date: js on 2018-03-10 20:19:34
Other Links: manifest | tags
Context
2018-03-10
20:24
configure: Check for UINTPTR_MAX check-in: f00a1da750 user: js tags: trunk
20:19
OFCountedSet: Improve deserialization check-in: 43a93d8a16 user: js tags: trunk
19:57
configure: Check for INFINITY check-in: 8897d12b45 user: js tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Modified src/OFCountedSet_hashtable.m from [922c94b804] to [de664a6849]. 

133
134
135
136
137
138
139
140

141
142
143
144

145
146
147
148
149

150






151
152
153
154
155
156
157

			@throw [OFInvalidArgumentException exception];

		for (OFXMLElement *objectElement in
		    [element elementsForName: @"object"
				   namespace: OF_SERIALIZATION_NS]) {
			void *pool2 = objc_autoreleasePoolPush();
			OFXMLElement *object;
			OFXMLAttribute *count_;

			size_t count;

			object = [[objectElement elementsForNamespace:
			    OF_SERIALIZATION_NS] firstObject];

			count_ = [objectElement attributeForName: @"count"];

			if (object == nil || count_ == nil)
				@throw [OFInvalidFormatException exception];


			count = (size_t)[[count_ stringValue] decimalValue];







			[_mapTable setObject: (void *)(uintptr_t)count
				      forKey: [object objectByDeserializing]];

			objc_autoreleasePoolPop(pool2);
		}









|
>
|



>
|

|


>
|
>
>
>
>
>
>








133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166

			@throw [OFInvalidArgumentException exception];

		for (OFXMLElement *objectElement in
		    [element elementsForName: @"object"
				   namespace: OF_SERIALIZATION_NS]) {
			void *pool2 = objc_autoreleasePoolPush();
			OFXMLElement *object;
			OFXMLAttribute *countAttribute;
			intmax_t signedCount;
			uintmax_t count;

			object = [[objectElement elementsForNamespace:
			    OF_SERIALIZATION_NS] firstObject];
			countAttribute =
			    [objectElement attributeForName: @"count"];

			if (object == nil || countAttribute == nil)
				@throw [OFInvalidFormatException exception];

			signedCount =
			    [[countAttribute stringValue] decimalValue];
			if (signedCount < 0)
			       @throw [OFOutOfRangeException exception];

			count = signedCount;
			if (count > SIZE_MAX || count > UINTPTR_MAX)
				@throw [OFOutOfRangeException exception];

			[_mapTable setObject: (void *)(uintptr_t)count
				      forKey: [object objectByDeserializing]];

			objc_autoreleasePoolPop(pool2);
		}

Fossil 2.23 [47362306a7] 2023-11-01 18:56:47
This page was generated in about 0.015s