1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
From 4238b0a27a3621f4181d38821a4eaee9f0ac1244 Mon Sep 17 00:00:00 2001
From: Andrea Azzarone <andrea.azzarone@canonical.com>
Date: Fri, 18 Jan 2019 16:14:57 +0000
Subject: [PATCH 3/5] tracker-monitor: Prevent stack smashing
Make sure to use GPOINTER_TO_UINT when using g_hash_table_lookup_extended() to
prevent stack smashing. This will make sure that in the architectures where
sizeof(GFileMonitorEvent) < sizeof(gpointer), g_hash_table_lookup_extended()
will not write more bytes than prev_event_type can hold.
Bug-Upstream: https://gitlab.gnome.org/GNOME/tracker/issues/71
Origin: upstream, commit:63c0a5d4413e53cb76089fda6f56b2d623c5de15
Applied-Upstream: 2.2.0
---
src/libtracker-miner/tracker-monitor.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/libtracker-miner/tracker-monitor.c b/src/libtracker-miner/tracker-monitor.c
index 54cd3e8fb..f2431b646 100644
--- a/src/libtracker-miner/tracker-monitor.c
+++ b/src/libtracker-miner/tracker-monitor.c
@@ -611,10 +611,12 @@ flush_cached_event (TrackerMonitor *monitor,
GFile *file,
gboolean is_directory)
{
- GFileMonitorEvent prev_event_type;
+ gpointer value = NULL;
if (g_hash_table_lookup_extended (monitor->priv->cached_events,
- file, NULL, (gpointer*) &prev_event_type)) {
+ file, NULL, &value)) {
+ GFileMonitorEvent prev_event_type = GPOINTER_TO_UINT (value);
+
g_hash_table_remove (monitor->priv->cached_events, file);
emit_signal_for_event (monitor, prev_event_type,
is_directory, file, NULL);
--
2.17.0
|
GitWeb
