Fix segfault in juju's handle_arm_request
The buffer pointers were uninitialized, leading to segfault in memcpy. Bug report and initial version of the fix by Adrian Knoth. Signed-off-by: Dan Dennedy <dan@dennedy.org>
This commit is contained in:
parent
0bf8132319
commit
7b8d270352
2
src/fw.c
2
src/fw.c
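--- a/src/fw.c
+++ b/src/fw.c
@@ -773,10 +773,12 @@ handle_arm_request(raw1394handle_t handle, struct address_closure *ac,
 }
 rrb->request.generation = fwhandle->reset.generation;
 rrb->request.buffer_length = in_length;
+rrb->request.buffer = rrb->data;
 memcpy(rrb->request.buffer, request->data, in_length);
 
 rrb->response.response_code = response.rcode;
 rrb->response.buffer_length = response.length;
+rrb->response.buffer = rrb->data + in_length;
 memcpy(rrb->response.buffer,
 allocation->data + offset, response.length);
 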
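Review bot: The two added pointer assignments only make the following memcpy calls safe if `rrb->data` was allocated with at least `in_length + response.length` bytes of trailing storage, and that allocation is not in the hunk, so the invariant cannot be checked here. Since both lengths come from the request and the allocation record rather than from a local constant, a comment at the first new line would tell the next reader what the sizing contract is: `/* rrb->data must hold in_length request bytes followed by response.length response bytes; see allocation of rrb */`. It is also worth confirming, outside this hunk, that `offset + response.length` stays within `allocation->data` before the second memcpy reads from it. handle_arm_request begins and ends outside the hunk.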