From cc44a68902fb19dc4cf9ed0b57dd3c5e7efa00dd Mon Sep 17 00:00:00 2001 From: Sven Neumann Date: Tue, 11 Dec 2007 09:40:10 +0000 Subject: [PATCH] made the code more robust against errors on the wire protocol level. 2007-12-11 Sven Neumann * libgimpbase/gimpprotocol.c: made the code more robust against errors on the wire protocol level. * app/plug-in/gimpplugin-message.c: added sanity checks to message handlers. This doesn't keep us from crashing on invalid input, but we will at least get some warnings before that happens. svn path=/trunk/; revision=24317 --- ChangeLog | 15 +++++ app/plug-in/gimpplugin-message.c | 15 +++++ libgimpbase/gimpprotocol.c | 101 ++++++++++++++++++++----------- 3 files changed, 94 insertions(+), 37 deletions(-) diff --git a/ChangeLog b/ChangeLog index 57b5c0414f..2cfc907f4b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,18 @@ +2007-12-11 Sven Neumann + + * app/plug-in/gimpplugin-message.c: added sanity checks to message + handlers. This doesn't keep us from crashing on invalid input, but + we will at least get some warnings before that happens. + + * libgimpbase/gimpprotocol.c: made the code more robust against + errors on the wire protocol level. + +2007-12-11 Sven Neumann + + * libgimpbase/gimpwire.c (_gimp_wire_read_string): use g_try_new() + so a plug-in can't easily crash the core by sending an invalid + string message. + 2007-12-11 Sven Neumann * libgimpbase/gimpwire.c (_gimp_wire_read_string): use g_try_new() diff --git a/app/plug-in/gimpplugin-message.c b/app/plug-in/gimpplugin-message.c index 4ea61b21c3..e5d300094f 100644 --- a/app/plug-in/gimpplugin-message.c +++ b/app/plug-in/gimpplugin-message.c @@ -175,6 +175,8 @@ gimp_plug_in_handle_tile_req (GimpPlugIn *plug_in, TileManager *tm; Tile *tile; + g_return_if_fail (tile_req != NULL); + if (tile_req->drawable_ID == -1) { /* this branch communicates with libgimp/gimptile.c:gimp_tile_put() */ @@ -359,6 +361,9 @@ gimp_plug_in_handle_proc_run (GimpPlugIn *plug_in, GValueArray *return_vals = NULL; GError *error = NULL; + g_return_if_fail (proc_run != NULL); + g_return_if_fail (proc_run->name != NULL); + canonical = gimp_canonicalize_identifier (proc_run->name); proc_frame = gimp_plug_in_get_proc_frame (plug_in); @@ -485,6 +490,8 @@ gimp_plug_in_handle_proc_return (GimpPlugIn *plug_in, { GimpPlugInProcFrame *proc_frame = &plug_in->main_proc_frame; + g_return_if_fail (proc_return != NULL); + if (proc_frame->main_loop) { proc_frame->return_vals = @@ -504,6 +511,8 @@ static void gimp_plug_in_handle_temp_proc_return (GimpPlugIn *plug_in, GPProcReturn *proc_return) { + g_return_if_fail (proc_return != NULL); + if (plug_in->temp_proc_frames) { GimpPlugInProcFrame *proc_frame = plug_in->temp_proc_frames->data; @@ -540,6 +549,9 @@ gimp_plug_in_handle_proc_install (GimpPlugIn *plug_in, gboolean valid_utf8 = FALSE; gint i; + g_return_if_fail (proc_install != NULL); + g_return_if_fail (proc_install->name != NULL); + canonical = gimp_canonicalize_identifier (proc_install->name); /* Sanity check for array arguments */ @@ -713,6 +725,9 @@ gimp_plug_in_handle_proc_uninstall (GimpPlugIn *plug_in, GimpPlugInProcedure *proc; gchar *canonical; + g_return_if_fail (proc_uninstall != NULL); + g_return_if_fail (proc_uninstall->name != NULL); + canonical = gimp_canonicalize_identifier (proc_uninstall->name); proc = gimp_plug_in_procedure_find (plug_in->temp_procedures, canonical); diff --git a/libgimpbase/gimpprotocol.c b/libgimpbase/gimpprotocol.c index ad97dde591..c3c482c36b 100644 --- a/libgimpbase/gimpprotocol.c +++ b/libgimpbase/gimpprotocol.c @@ -640,10 +640,13 @@ _gp_config_destroy (GimpWireMessage *msg) { GPConfig *config = msg->data; - g_free (config->app_name); - g_free (config->wm_class); - g_free (config->display_name); - g_slice_free (GPConfig, config); + if (config) + { + g_free (config->app_name); + g_free (config->wm_class); + g_free (config->display_name); + g_slice_free (GPConfig, config); + } } /* tile_req */ @@ -671,6 +674,7 @@ _gp_tile_req_read (GIOChannel *channel, cleanup: g_slice_free (GPTileReq, tile_req); + msg->data = NULL; } static void @@ -695,7 +699,10 @@ _gp_tile_req_write (GIOChannel *channel, static void _gp_tile_req_destroy (GimpWireMessage *msg) { - g_slice_free (GPTileReq, msg->data); + GPTileReq *tile_req = msg->data; + + if (tile_req) + g_slice_free (GPTileReq, msg->data); } /* tile_ack */ @@ -769,6 +776,7 @@ _gp_tile_data_read (GIOChannel *channel, cleanup: g_free (tile_data->data); g_slice_free (GPTileData, tile_data); + msg->data = NULL; } static void @@ -817,8 +825,11 @@ _gp_tile_data_destroy (GimpWireMessage *msg) { GPTileData *tile_data = msg->data; - g_free (tile_data->data); - g_slice_free (GPTileData, tile_data); + if (tile_data) + { + g_free (tile_data->data); + g_slice_free (GPTileData, tile_data); + } } /* proc_run */ @@ -842,6 +853,7 @@ _gp_proc_run_read (GIOChannel *channel, cleanup: g_slice_free (GPProcRun, proc_run); + msg->data = NULL; } static void @@ -862,10 +874,13 @@ _gp_proc_run_destroy (GimpWireMessage *msg) { GPProcRun *proc_run = msg->data; - gp_params_destroy (proc_run->params, proc_run->nparams); + if (proc_run) + { + gp_params_destroy (proc_run->params, proc_run->nparams); - g_free (proc_run->name); - g_slice_free (GPProcRun, proc_run); + g_free (proc_run->name); + g_slice_free (GPProcRun, proc_run); + } } /* proc_return */ @@ -889,6 +904,7 @@ _gp_proc_return_read (GIOChannel *channel, cleanup: g_slice_free (GPProcReturn, proc_return); + msg->data = NULL; } static void @@ -910,10 +926,13 @@ _gp_proc_return_destroy (GimpWireMessage *msg) { GPProcReturn *proc_return = msg->data; - gp_params_destroy (proc_return->params, proc_return->nparams); + if (proc_return) + { + gp_params_destroy (proc_return->params, proc_return->nparams); - g_free (proc_return->name); - g_slice_free (GPProcReturn, proc_return); + g_free (proc_return->name); + g_slice_free (GPProcReturn, proc_return); + } } /* temp_proc_run */ @@ -1087,6 +1106,7 @@ _gp_proc_install_read (GIOChannel *channel, } g_slice_free (GPProcInstall, proc_install); + msg->data = NULL; } static void @@ -1169,32 +1189,36 @@ static void _gp_proc_install_destroy (GimpWireMessage *msg) { GPProcInstall *proc_install = msg->data; - gint i; - g_free (proc_install->name); - g_free (proc_install->blurb); - g_free (proc_install->help); - g_free (proc_install->author); - g_free (proc_install->copyright); - g_free (proc_install->date); - g_free (proc_install->menu_path); - g_free (proc_install->image_types); - - for (i = 0; i < proc_install->nparams; i++) + if (proc_install) { - g_free (proc_install->params[i].name); - g_free (proc_install->params[i].description); - } + gint i; - for (i = 0; i < proc_install->nreturn_vals; i++) - { - g_free (proc_install->return_vals[i].name); - g_free (proc_install->return_vals[i].description); - } + g_free (proc_install->name); + g_free (proc_install->blurb); + g_free (proc_install->help); + g_free (proc_install->author); + g_free (proc_install->copyright); + g_free (proc_install->date); + g_free (proc_install->menu_path); + g_free (proc_install->image_types); - g_free (proc_install->params); - g_free (proc_install->return_vals); - g_slice_free (GPProcInstall, proc_install); + for (i = 0; i < proc_install->nparams; i++) + { + g_free (proc_install->params[i].name); + g_free (proc_install->params[i].description); + } + + for (i = 0; i < proc_install->nreturn_vals; i++) + { + g_free (proc_install->return_vals[i].name); + g_free (proc_install->return_vals[i].description); + } + + g_free (proc_install->params); + g_free (proc_install->return_vals); + g_slice_free (GPProcInstall, proc_install); + } } /* proc_uninstall */ @@ -1232,8 +1256,11 @@ _gp_proc_uninstall_destroy (GimpWireMessage *msg) { GPProcUninstall *proc_uninstall = msg->data; - g_free (proc_uninstall->name); - g_slice_free (GPProcUninstall, proc_uninstall); + if (proc_uninstall) + { + g_free (proc_uninstall->name); + g_slice_free (GPProcUninstall, proc_uninstall); + } } /* extension_ack */