From e8ff8484ddc1899807fce40a4f54c876a9dfbc7f Mon Sep 17 00:00:00 2001 From: daniel Date: Thu, 24 Jan 2013 21:53:35 +0900 Subject: Remove the unneeded string copy, use g_malloc, g_free, bounds check on link array --- vxi11_server.c | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) (limited to 'vxi11_server.c') diff --git a/vxi11_server.c b/vxi11_server.c index a272e1e..801e5cf 100644 --- a/vxi11_server.c +++ b/vxi11_server.c @@ -37,14 +37,21 @@ static CLIENT* intclient = NULL; static bool intenabled = false; -static char* inthandler = NULL; +static gchar* inthandler = NULL; typedef struct { + int lid; } ActiveLink; static ActiveLink* links[MAX_SESSIONS] = { NULL }; static bool isValidLink(int linkid) { + if (linkid > MAX_SESSIONS - 1) { +#ifdef DEBUG + printf("Crazy link id %d\n", linkid); +#endif + return false; + } return links[linkid] != NULL; } @@ -115,7 +122,7 @@ create_link_1_svc(Create_LinkParms *argp, struct svc_req *rqstp) { result.error = ERR_DEVICELOCKEDBYANOTHERLINK; } else { - ActiveLink* link = malloc(sizeof(ActiveLink)); + ActiveLink* link = g_malloc(sizeof(ActiveLink)); if (link == NULL) { result.error = ERR_OUTOFRESOURCES; } @@ -127,6 +134,9 @@ create_link_1_svc(Create_LinkParms *argp, struct svc_req *rqstp) { break; } } + g_assert(linkid != SIZEOFARRAY(links)); + link->lid = linkid; + globals.Remote.vxi_connections++; #ifdef DEBUG printf("created link %d, %d active links\n", linkid, globals.Remote.vxi_connections); @@ -177,7 +187,7 @@ device_read_1_svc(Device_ReadParms *argp, struct svc_req *rqstp) { #endif if (result.data.data_val != NULL) { - free(result.data.data_val); + g_free(result.data.data_val); result.data.data_val = NULL; result.data.data_len = 0; } 
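Review bot: The new bounds check in `isValidLink` rejects only ids above the table, so a negative `linkid` still reaches `links[linkid]` and reads before the start of the array. The link id presumably comes from the RPC client through the service routines that call this helper (those calls are outside the hunk), so the lower bound needs the same treatment: `if (linkid < 0 || linkid >= MAX_SESSIONS) {`. This matters most for `destroy_link_1_svc`, which later passes `links[lid]` to `g_free` and so relies on the index having been validated.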
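Review bot: `g_malloc` terminates the process when the allocation fails rather than returning NULL, so the `if (link == NULL)` branch that sets `ERR_OUTOFRESOURCES` directly below it in `create_link_1_svc` is now dead code. To keep reporting memory exhaustion to the client instead of taking the server down, use `ActiveLink* link = g_try_malloc(sizeof(ActiveLink));`. The rest of the function lies outside this hunk.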
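Review bot: `g_assert(linkid != SIZEOFARRAY(links))` turns a full link table into a process abort, and in a build with `G_DISABLE_ASSERT` the check disappears so `link->lid` is set for a link that was never stored. The slot search is only partly visible here, but if it can finish without finding a free entry, a client that opens enough links can stop the server. Handling it as an ordinary error is safer: `if (linkid == SIZEOFARRAY(links)) { g_free(link); result.error = ERR_OUTOFRESOURCES; }`, skipping the `vxi_connections` increment in that case.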
@@ -192,9 +202,7 @@ device_read_1_svc(Device_ReadParms *argp, struct svc_req *rqstp) { else { if (globals.Registers.pending_output_message != NULL) { result.data.data_len = strlen(globals.Registers.pending_output_message) + 1; - result.data.data_val = calloc(result.data.data_len, 1); - strncpy(result.data.data_val, globals.Registers.pending_output_message, result.data.data_len); - g_free(globals.Registers.pending_output_message); + result.data.data_val = globals.Registers.pending_output_message; globals.Registers.pending_output_message = NULL; #ifdef DEBUG printf("sending ---%s---\n", result.data.data_val); @@ -358,13 +366,12 @@ device_enable_srq_1_svc(Device_EnableSrqParms *argp, struct svc_req *rqstp) { result.error = ERR_INVALIDLINKINDENTIFIER; else { if (inthandler != NULL) { - free(inthandler); + g_free(inthandler); inthandler = NULL; } if (argp->enable) { if (argp->handle.handle_val != NULL) { - inthandler = malloc(argp->handle.handle_len); - strncpy(inthandler, argp->handle.handle_val, argp->handle.handle_len); + inthandler = g_strdup(argp->handle.handle_val); #ifdef DEBUG printf("Interrupt handle set to %s\n", inthandler); #endif @@ -417,7 +424,7 @@ destroy_link_1_svc(Device_Link *argp, struct svc_req *rqstp) { printf("link %d destroyed, %d active links\n", lid, globals.Remote.vxi_connections); #endif result.error = 0; - free(links[lid]); + g_free(links[lid]); links[lid] = NULL; } -- cgit
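Review bot: The assignment `result.data.data_val = globals.Registers.pending_output_message;` moves ownership of the buffer into the reply without saying so. It is only correct because the cleanup earlier in `device_read_1_svc` now releases `data_val` with `g_free` on the next call. A comment on the assignment would make that pairing explicit, for example `/* ownership moves to result; released by g_free at the top of the next call */`. Any other path that fills `result.data.data_val` (not visible in this hunk) must also allocate it with GLib for the shared `g_free` to stay valid.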
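Review bot: `g_strdup(argp->handle.handle_val)` ignores `handle_len` and copies up to the first NUL byte. The `handle_val`/`handle_len` pair looks like an rpcgen counted byte array, which the client fills and which need not be NUL-terminated. A handle without a terminator makes the copy, and the DEBUG `printf` after it, read past the decoded buffer. Bound the copy by the declared length: `inthandler = g_strndup(argp->handle.handle_val, argp->handle.handle_len);`. If the handle may contain embedded zero bytes, its length has to be stored alongside `inthandler` too; how the handle is used later is not visible in this hunk.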