From 507d5548349540dbde67d3e535a4607fd2207c49 Mon Sep 17 00:00:00 2001
From: Paul Eggert
Date: Wed, 4 Sep 2019 17:43:16 -0700
Subject: [PATCH] Tweak xd_append_arg to pacify -Wnull-dereference
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
* src/dbusbind.c (xd_append_arg): Redo to pacify gcc -Wnull-dereference. Also, check that the Lisp string won’t overrun the C signature buffer.
---
src/dbusbind.c | 37 +++++++++++++++++++++----------------
1 file changed, 21 insertions(+), 16 deletions(-)
diff --git a/src/dbusbind.c b/src/dbusbind.c
index 90ba461c6bc..7f4c8717f42 100644
--- a/src/dbusbind.c
+++ b/src/dbusbind.c
@@ -728,22 +728,27 @@ xd_append_arg (int dtype, Lisp_Object object, DBusMessageIter *iter)
strcpy (signature, DBUS_TYPE_STRING_AS_STRING);
else
- /* If the element type is DBUS_TYPE_SIGNATURE, and this is
- the only element, the value of this element is used as
- the array's element signature. */
- if ((XD_OBJECT_TO_DBUS_TYPE (CAR_SAFE (object))
- == DBUS_TYPE_SIGNATURE)
- && STRINGP (CAR_SAFE (XD_NEXT_VALUE (object)))
- && NILP (CDR_SAFE (XD_NEXT_VALUE (object))))
- {
- lispstpcpy (signature, CAR_SAFE (XD_NEXT_VALUE (object)));
- object = CDR_SAFE (XD_NEXT_VALUE (object));
- }
-
- else
- xd_signature (signature,
- XD_OBJECT_TO_DBUS_TYPE (CAR_SAFE (object)),
- dtype, CAR_SAFE (XD_NEXT_VALUE (object)));
+ {
+ /* If the element type is DBUS_TYPE_SIGNATURE, and this is
+ the only element, the value of this element is used as
+ the array's element signature. */
+ if (CONSP (object) && (XD_OBJECT_TO_DBUS_TYPE (XCAR (object))
+ == DBUS_TYPE_SIGNATURE))
+ {
+ Lisp_Object val = XD_NEXT_VALUE (object);
+ if (CONSP (val) && STRINGP (XCAR (val)) && NILP (XCDR (val))
+ && SBYTES (XCAR (val)) < DBUS_MAXIMUM_SIGNATURE_LENGTH)
+ {
+ lispstpcpy (signature, XCAR (val));
+ object = Qnil;
+ }
+ }
+
+ if (!NILP (object))
+ xd_signature (signature,
+ XD_OBJECT_TO_DBUS_TYPE (CAR_SAFE (object)),
+ dtype, CAR_SAFE (XD_NEXT_VALUE (object)));
+ }
XD_DEBUG_MESSAGE ("%c %s %s", dtype, signature, XD_OBJECT_TO_STRING (object));
-- 2.39.5
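Review bot: The new guard `SBYTES (XCAR (val)) < DBUS_MAXIMUM_SIGNATURE_LENGTH` rejects an overlong string silently: `object` stays non-nil, so the DBUS_TYPE_SIGNATURE pair falls through to the `xd_signature` call and the element signature is derived from it instead of an error being raised. What `xd_signature` produces for that input is not visible here, but the caller supplied an explicit signature and gets something else; signalling a D-Bus error for the overlong case would be clearer, or at least a comment on the inner `if` such as `/* Strings too long for signature[] fall through to xd_signature.  */`. The bound also assumes `signature` has room for DBUS_MAXIMUM_SIGNATURE_LENGTH bytes; its declaration is outside the hunk, and if it is a local array, `SBYTES (XCAR (val)) < sizeof signature` would tie the check to the buffer that `lispstpcpy` writes. `xd_append_arg` starts and ends outside the hunk.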