desrod / pilot-link

pilot-link is a suite of tools used to connect your Palm or PalmOS® compatible handheld with Unix, Linux, and any other POSIX-compatible machine.
GNU General Public License v2.0

Corrupt error handling in dlp_VFSDirEntryEnumerate in dlp.c #9

Open CoSoCo opened 2 years ago

CoSoCo commented 2 years ago

Because result is defined as unsigned, it will never be negative. So the code after if (result > 0) is always executed, even on a negative error result from dlp_exec (sd, req, &res). So result should be defined as a signed int. Compare with the similar function dlp_VFSVolumeEnumerate().

Additionally, the else part of the later if (result) will never be reached, as result will always be non-zero at this branch.

int
dlp_VFSDirEntryEnumerate(int sd, FileRef dirRefNum, 
    unsigned long *dirIterator, int *maxDirItems, struct VFSDirInfo *data)
{
    unsigned int result,
[.....]
    result = dlp_exec (sd, req, &res);
[.....]
    if (result > 0) {
        if (result) {
            *dirIterator = get_long (DLP_RESPONSE_DATA (res, 0, 0));
            entries = get_long (DLP_RESPONSE_DATA (res, 0, 4));
        } else {
            *dirIterator = vfsIteratorStop;
            entries = 0;
        }
[.....]
CoSoCo commented 2 years ago

A patch for fixing this. 0001-Fix-corrupt-error-handling-in-dlp_VFSDirEntryEnumerate.patch.zip
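The signedness problem reported in this issue, reduced to a stand-alone C program. This is an added example, not code from pilot-link or from the attached patch: `fake_exec`, `be32`, `enumerate_buggy`, `enumerate_fixed` and the response bytes are hypothetical stand-ins, constructed to model a call that returns a negative error code and leaves the response buffer untouched.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for dlp_exec(): returns a positive byte count on
 * success or a negative error code; the response is filled only on success. */
static int fake_exec(int rc, uint8_t resp[8]) {
    static const uint8_t ok[8] = {0, 0, 0, 7, 0, 0, 0, 2}; /* constructed: iterator=7, entries=2 */
    if (rc > 0)
        memcpy(resp, ok, sizeof ok);
    return rc;
}

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Pattern from the issue: the unsigned result turns -1 into UINT_MAX. */
static int enumerate_buggy(int rc, uint32_t *iter, int *parsed) {
    uint8_t resp[8] = {0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef}; /* stale bytes */
    unsigned int result = (unsigned int)fake_exec(rc, resp);
    *parsed = 0;
    if (result > 0) {            /* true for every non-zero value, errors included */
        *iter = be32(resp);      /* parses a response that was never filled in */
        *parsed = 1;
    }
    return (int)result;
}

/* Same flow with a signed result, as the issue proposes. */
static int enumerate_fixed(int rc, uint32_t *iter, int *parsed) {
    uint8_t resp[8] = {0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef};
    int result = fake_exec(rc, resp);
    *parsed = 0;
    if (result > 0) {            /* negative error codes skip the parse */
        *iter = be32(resp);
        *parsed = 1;
    }
    return result;
}

int main(void) {
    uint32_t it = 0; int parsed = 0;
    int r = enumerate_buggy(-1, &it, &parsed);
    printf("buggy: rc=%d parsed=%d iter=0x%08x\n", r, parsed, (unsigned)it);
    it = 0;
    r = enumerate_fixed(-1, &it, &parsed);
    printf("fixed: rc=%d parsed=%d iter=0x%08x\n", r, parsed, (unsigned)it);
    return 0;
}
```

Compilers flag the always-true comparison path when built with `-Wextra` (which enables `-Wsign-compare` and `-Wtype-limits` in GCC), which is a cheap way to find the same pattern elsewhere in a code base.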