Posted to commits@qpid.apache.org by as...@apache.org on 2018/12/11 20:08:38 UTC

qpid-proton git commit: PROTON-1979: [c] Only allow scalars (non compound types) as descriptors

Repository: qpid-proton
Updated Branches:
  refs/heads/master 58ec2b1e5 -> 203ffed56


PROTON-1979: [c] Only allow scalars (non compound types) as descriptors


Project: http://git-wip-us.apache.org/repos/asf/qpid-proton/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-proton/commit/203ffed5
Tree: http://git-wip-us.apache.org/repos/asf/qpid-proton/tree/203ffed5
Diff: http://git-wip-us.apache.org/repos/asf/qpid-proton/diff/203ffed5

Branch: refs/heads/master
Commit: 203ffed56811e32839fded56c00d4f07438f7269
Parents: 58ec2b1
Author: Andrew Stitcher <as...@apache.org>
Authored: Tue Dec 11 14:53:35 2018 -0500
Committer: Andrew Stitcher <as...@apache.org>
Committed: Tue Dec 11 14:53:35 2018 -0500

----------------------------------------------------------------------
 c/src/core/decoder.c                               |   9 ++++++++-
 .../fuzz-message-decode/crash/5633695940083712     | Bin 0 -> 96636 bytes
 2 files changed, 8 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/203ffed5/c/src/core/decoder.c
----------------------------------------------------------------------
diff --git a/c/src/core/decoder.c b/c/src/core/decoder.c
index a2e99b2..1755db2 100644
--- a/c/src/core/decoder.c
+++ b/c/src/core/decoder.c
@@ -485,9 +485,16 @@ static int pni_decoder_decode_type(pn_decoder_t *decoder, pn_data_t *data, uint8
 
 size_t pn_data_siblings(pn_data_t *data);
 
+// We disallow using any compound type as a described descriptor to avoid recursion
+// in decoding. Although these seem syntactically valid they don't seem to be of any
+// conceivable use!
 static inline bool pni_allowed_descriptor_code(uint8_t code)
 {
-  return code != PNE_DESCRIPTOR && code != PNE_ARRAY8 && code != PNE_ARRAY32;
+  return
+    code != PNE_DESCRIPTOR &&
+    code != PNE_ARRAY8 && code != PNE_ARRAY32 &&
+    code != PNE_LIST8 && code != PNE_LIST32 &&
+    code != PNE_MAP8 && code != PNE_MAP32;
 }
 
 int pni_decoder_single_described(pn_decoder_t *decoder, pn_data_t *data)
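Review bot: The new comment on `pni_allowed_descriptor_code` says any compound type is disallowed, but the check is a denylist of named codes, so `PNE_LIST0` and any compound encoding added later are still accepted by default. The `code` value presumably comes straight from the bytes being decoded (the commit adds a fuzz crash input for message decode), so a guard meant to bound recursion is safer if it fails closed. Either invert it into an allowlist of the scalar codes, or keep the denylist and record why the omission is safe, e.g. `// PNE_LIST0 stays allowed: it is an empty list with no body, so it cannot nest`. How `pni_decoder_single_described` reacts to a rejected code is outside this hunk, so it is worth confirming that it returns a decode error instead of skipping the descriptor.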

http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/203ffed5/c/tests/fuzz/fuzz-message-decode/crash/5633695940083712
----------------------------------------------------------------------
diff --git a/c/tests/fuzz/fuzz-message-decode/crash/5633695940083712 b/c/tests/fuzz/fuzz-message-decode/crash/5633695940083712
new file mode 100644
index 0000000..3e679be
Binary files /dev/null and b/c/tests/fuzz/fuzz-message-decode/crash/5633695940083712 differ

