jpeg pushed a commit to branch master. http://git.enlightenment.org/core/efl.git/commit/?id=8d9c6c0a00a25dae580f3ee0cfaa84abcb911611
commit 8d9c6c0a00a25dae580f3ee0cfaa84abcb911611 Author: Jean-Philippe Andre <[email protected]> Date: Mon Oct 27 22:57:53 2014 +0900 inotify: Fix safety after read in 3 places Fixes Coverity issues: - CID 1039565 - CID 1039566 --- src/bin/evas/evas_cserve2_main_loop_linux.c | 3 ++- src/lib/ecore_file/ecore_file_monitor_inotify.c | 3 ++- src/lib/eio/eio_monitor_inotify.c | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/src/bin/evas/evas_cserve2_main_loop_linux.c b/src/bin/evas/evas_cserve2_main_loop_linux.c index e213cc4..33a9955 100644 --- a/src/bin/evas/evas_cserve2_main_loop_linux.c +++ b/src/bin/evas/evas_cserve2_main_loop_linux.c @@ -328,7 +328,7 @@ _inotifyfd_handler(int fd, Fd_Flags flags, void *data EINA_UNUSED) } size = read(fd, buffer, sizeof(buffer)); - while (i < size) + while ((i + (int) sizeof(struct inotify_event)) <= (int) size) { struct inotify_event *event; int event_size; @@ -338,6 +338,7 @@ _inotifyfd_handler(int fd, Fd_Flags flags, void *data EINA_UNUSED) event = (struct inotify_event *)&buffer[i]; event_size = sizeof(struct inotify_event) + event->len; + if ((event_size + i) > size) break ; i += event_size; ids = eina_hash_find(inotify_id_hash, &event->wd); diff --git a/src/lib/ecore_file/ecore_file_monitor_inotify.c b/src/lib/ecore_file/ecore_file_monitor_inotify.c index e21e41c..067a281 100644 --- a/src/lib/ecore_file/ecore_file_monitor_inotify.c +++ b/src/lib/ecore_file/ecore_file_monitor_inotify.c @@ -162,10 +162,11 @@ _ecore_file_monitor_inotify_handler(void *data EINA_UNUSED, Ecore_Fd_Handler *fd if (fd < 0) return ECORE_CALLBACK_RENEW; size = read(fd, buffer, sizeof(buffer)); - while (i < size) + while ((i + (int) sizeof(struct inotify_event)) <= (int) size) { event = (struct inotify_event *)&buffer[i]; event_size = sizeof(struct inotify_event) + event->len; + if ((event_size + i) > size) break ; i += event_size; em = _ecore_file_monitor_inotify_monitor_find(event->wd); diff --git a/src/lib/eio/eio_monitor_inotify.c b/src/lib/eio/eio_monitor_inotify.c index fbfc24e..faa34b3 100644 --- a/src/lib/eio/eio_monitor_inotify.c +++ b/src/lib/eio/eio_monitor_inotify.c @@ -134,10 +134,11 @@ _eio_inotify_handler(void *data EINA_UNUSED, Ecore_Fd_Handler *fdh) if (fd < 0) return ECORE_CALLBACK_RENEW; size = read(fd, buffer, sizeof(buffer)); - while (i < size) + while ((i + (int) sizeof(struct inotify_event)) <= (int) size) { event = (struct inotify_event *)&buffer[i]; event_size = sizeof(struct inotify_event) + event->len; + if ((event_size + i) > size) break ; i += event_size; backend = eina_hash_find(_inotify_monitors, &event->wd); --
