The MinGW.org Installation Manager Tool
| リビジョン | 9d0066d0131365c53752743edc67e4c8b4823c04 (tree) |
|---|---|
| 日時 | 2013-01-08 22:01:22 |
| 作者 | Keith Marshall <keithmarshall@user...> |
| コミッター | Keith Marshall |
Avoid potential heap corruption in action scheduler.
ChangeLog (diff)
src/guiexec.cpp (diff) src/pkgexec.cpp (diff)| @@ -1,3 +1,15 @@ | ||
| 1 | +2013-01-08 Keith Marshall <keithmarshall@users.sourceforge.net> | |
| 2 | + | |
| 3 | + Avoid potential heap corruption in action scheduler. | |
| 4 | + | |
| 5 | + * src/guiexec.cpp (pkgActionItem::Clear): Factor out; relocate to... | |
| 6 | + * src/pkgexec.cpp (pkgActionItem::Clear): ...here; this keeps all use | |
| 7 | + of new and delete operators on the same side of the EXE/DLL boundary | |
| 8 | + as the constructor and destructor for pkgActionItem objects. | |
| 9 | + (pkgActionItem::Schedule): Ensure that all min_wanted and max_wanted | |
| 10 | + references are unique to each allocated pkgActionItem object, so that | |
| 11 | + the destructor may safely release their associated heap memory blocks. | |
| 12 | + | |
| 1 | 13 | 2013-01-07 Keith Marshall <keithmarshall@users.sourceforge.net> |
| 2 | 14 | |
| 3 | 15 | Update copyright notification for development in new year. |
| @@ -4,7 +4,7 @@ | ||
| 4 | 4 | * $Id$ |
| 5 | 5 | * |
| 6 | 6 | * Written by Keith Marshall <keithmarshall@users.sourceforge.net> |
| 7 | - * Copyright (C) 2012, MinGW.org Project | |
| 7 | + * Copyright (C) 2012, 2013, MinGW.org Project | |
| 8 | 8 | * |
| 9 | 9 | * |
| 10 | 10 | * Implementation of XML data loading services for the mingw-get GUI. |
| @@ -440,54 +440,6 @@ inline unsigned long AppWindowMaker::EnumerateActions( int classified ) | ||
| 440 | 440 | return pkgData->Schedule()->EnumeratePendingActions( classified ); |
| 441 | 441 | } |
| 442 | 442 | |
| 443 | -pkgActionItem | |
| 444 | -*pkgActionItem::Clear( pkgActionItem *schedule, unsigned long mask ) | |
| 445 | -#define ACTION_PRESERVE_FAILED (ACTION_DOWNLOAD_FAILED | ACTION_APPLY_FAILED) | |
| 446 | -{ | |
| 447 | - /* Method to remove those action items which have no attribute flags in common | |
| 448 | - * with the specified mask, from the schedule; return the residual schedule of | |
| 449 | - * items, if any, which were not removed. (Note that specifying a mask with a | |
| 450 | - * value of 0UL, which is the default, results in removal of all items). | |
| 451 | - */ | |
| 452 | - pkgActionItem *residual = NULL; | |
| 453 | - | |
| 454 | - /* Starting at the specified item, or the invoking class object item | |
| 455 | - * if no starting point is specified... | |
| 456 | - */ | |
| 457 | - if( (schedule != NULL) || ((schedule = this) != NULL) ) | |
| 458 | - { | |
| 459 | - /* ...and provided this starting point is not NULL, walk back to | |
| 460 | - * the first item in the associated task schedule... | |
| 461 | - */ | |
| 462 | - while( schedule->prev != NULL ) schedule = schedule->prev; | |
| 463 | - while( schedule != NULL ) | |
| 464 | - { | |
| 465 | - /* ...then, processing each scheduled task item in sequence, and | |
| 466 | - * keeping track of the next to be processed... | |
| 467 | - */ | |
| 468 | - pkgActionItem *nextptr = schedule->next; | |
| 469 | - if( (schedule->flags & mask) == 0 ) | |
| 470 | - /* | |
| 471 | - * ...delete each which doesn't match any masked attribute... | |
| 472 | - */ | |
| 473 | - delete schedule; | |
| 474 | - | |
| 475 | - else | |
| 476 | - /* ...otherwise add it to the residual schedule. | |
| 477 | - */ | |
| 478 | - residual = schedule; | |
| 479 | - | |
| 480 | - /* In either event, move on to the next item in sequence, if any. | |
| 481 | - */ | |
| 482 | - schedule = nextptr; | |
| 483 | - } | |
| 484 | - } | |
| 485 | - /* Ultimately, return a pointer to the last item added to the residual | |
| 486 | - * schedule, or NULL if all items were deleted. | |
| 487 | - */ | |
| 488 | - return residual; | |
| 489 | -} | |
| 490 | - | |
| 491 | 443 | static int pkgActionCount( HWND dlg, int id, const char *fmt, int classified ) |
| 492 | 444 | { |
| 493 | 445 | /* Helper function to itemise the currently scheduled actions |
| @@ -609,6 +561,7 @@ int AppWindowMaker::Invoked( void ) | ||
| 609 | 561 | } |
| 610 | 562 | |
| 611 | 563 | long AppWindowMaker::OnCommand( WPARAM cmd ) |
| 564 | +#define ACTION_PRESERVE_FAILED (ACTION_DOWNLOAD_FAILED | ACTION_APPLY_FAILED) | |
| 612 | 565 | { |
| 613 | 566 | /* Handler for WM_COMMAND messages which are directed to the |
| 614 | 567 | * top level application window. |
| @@ -4,7 +4,7 @@ | ||
| 4 | 4 | * $Id$ |
| 5 | 5 | * |
| 6 | 6 | * Written by Keith Marshall <keithmarshall@users.sourceforge.net> |
| 7 | - * Copyright (C) 2009, 2010, 2011, 2012, MinGW.org Project | |
| 7 | + * Copyright (C) 2009, 2010, 2011, 2012, 2013, MinGW.org Project | |
| 8 | 8 | * |
| 9 | 9 | * |
| 10 | 10 | * Implementation of package management task scheduler and executive. |
| @@ -302,7 +302,27 @@ pkgActionItem::Schedule( unsigned long action, pkgActionItem& item ) | ||
| 302 | 302 | * action, in case it is required to complete the request. |
| 303 | 303 | */ |
| 304 | 304 | action |= ACTION_DOWNLOAD; |
| 305 | - rtn->flags = action | (rtn->flags & ~ACTION_MASK); | |
| 305 | + rtn->flags = action | (item.flags & ~ACTION_MASK); | |
| 306 | + | |
| 307 | + /* The min_wanted and max_wanted properties, if defined, refer | |
| 308 | + * to dynamically allocated memory blocks, (on the heap); these | |
| 309 | + * must have only one action item owner; currently, the original | |
| 310 | + * item and the copy we've just made are both effective owners, | |
| 311 | + * and we want only the copy to retain this ownership, we must | |
| 312 | + * detach them from the original item. | |
| 313 | + */ | |
| 314 | + item.min_wanted = item.max_wanted = NULL; | |
| 315 | + | |
| 316 | + /* Similarly, we must transfer any linkage into the schedule of | |
| 317 | + * actions from the original item to the copy. | |
| 318 | + */ | |
| 319 | + if( item.prev != NULL ) (item.prev)->next = rtn; | |
| 320 | + if( item.next != NULL ) (item.next)->prev = rtn; | |
| 321 | + item.prev = item.next = NULL; | |
| 322 | + | |
| 323 | + /* Finally, we return the copy, leaving the ultimate disposal | |
| 324 | + * of the original to the caller's discretion. | |
| 325 | + */ | |
| 306 | 326 | return rtn; |
| 307 | 327 | } |
| 308 | 328 |
| @@ -642,6 +662,52 @@ void pkgActionItem::Execute( bool with_download ) | ||
| 642 | 662 | } |
| 643 | 663 | } |
| 644 | 664 | |
| 665 | +pkgActionItem *pkgActionItem::Clear( pkgActionItem *schedule, unsigned long mask ) | |
| 666 | +{ | |
| 667 | + /* Method to remove those action items which have no attribute flags in common | |
| 668 | + * with the specified mask, from the schedule; return the residual schedule of | |
| 669 | + * items, if any, which were not removed. (Note that specifying a mask with a | |
| 670 | + * value of 0UL, which is the default, results in removal of all items). | |
| 671 | + */ | |
| 672 | + pkgActionItem *residual = NULL; | |
| 673 | + | |
| 674 | + /* Starting at the specified item, or the invoking class object item | |
| 675 | + * if no starting point is specified... | |
| 676 | + */ | |
| 677 | + if( (schedule != NULL) || ((schedule = this) != NULL) ) | |
| 678 | + { | |
| 679 | + /* ...and provided this starting point is not NULL, walk back to | |
| 680 | + * the first item in the associated task schedule... | |
| 681 | + */ | |
| 682 | + while( schedule->prev != NULL ) schedule = schedule->prev; | |
| 683 | + while( schedule != NULL ) | |
| 684 | + { | |
| 685 | + /* ...then, processing each scheduled task item in sequence, and | |
| 686 | + * keeping track of the next to be processed... | |
| 687 | + */ | |
| 688 | + pkgActionItem *nextptr = schedule->next; | |
| 689 | + if( (schedule->flags & mask) == 0 ) | |
| 690 | + /* | |
| 691 | + * ...delete each which doesn't match any masked attribute... | |
| 692 | + */ | |
| 693 | + delete schedule; | |
| 694 | + | |
| 695 | + else | |
| 696 | + /* ...otherwise add it to the residual schedule. | |
| 697 | + */ | |
| 698 | + residual = schedule; | |
| 699 | + | |
| 700 | + /* In either event, move on to the next item in sequence, if any. | |
| 701 | + */ | |
| 702 | + schedule = nextptr; | |
| 703 | + } | |
| 704 | + } | |
| 705 | + /* Ultimately, return a pointer to the last item added to the residual | |
| 706 | + * schedule, or NULL if all items were deleted. | |
| 707 | + */ | |
| 708 | + return residual; | |
| 709 | +} | |
| 710 | + | |
| 645 | 711 | pkgActionItem::~pkgActionItem() |
| 646 | 712 | { |
| 647 | 713 | /* Destructor... |
Fork