kimcinoo
/
efl
forked from enlightenment/efl
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Eo id: Fix id security checks for invalid objects. 

In some cases, invalid object ids (e.g 0x1) would pass validation and
represent completely different objects (0x80...01). This happened because
we weren't properly checking a given object id is actually an object id.

@fix.
This commit is contained in:
Tom Hacohen 2014-10-22 11:31:06 +01:00
parent 52135379df
commit 0b86334a85
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/lib/eo/eo_ptr_indirection.x
View File

@ -100,6 +100,7 @@ typedef uint32_t Generation_Counter;
#define MASK_TABLE_ID ((1 << BITS_TABLE_ID) - 1)
#define MASK_ENTRY_ID ((1 << BITS_ENTRY_ID) - 1)
#define MASK_GENERATIONS (MAX_GENERATIONS - 1)
#define MASK_OBJ_TAG (((Eo_Id) 1) << (REF_TAG_SHIFT))
/* This only applies to classes. Used to artificially enlarge the class ids
* to reduce the likelihood of a clash with normal integers. */
@ -273,6 +274,12 @@ _eo_obj_pointer_get(const Eo_Id obj_id)
DBG("obj_id is NULL. Possibly unintended access?");
return NULL;
}
else if (!(obj_id & MASK_OBJ_TAG))
{
DBG("obj_id is not a valid object id.");
return NULL;
}
EO_DECOMPOSE_ID(obj_id, mid_table_id, table_id, entry_id, generation);
/* Check the validity of the entry */