rpms / modem-manager-gui

Clone
Source Code
GIT

Files

epel7 epel8 epel8-playground f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 main rawhide
  1.   f30
  2.   mmgui-6710bf86869852bb8a9946b628eff5bc1019b5aa.diff
Blob Blame History Raw 
# HG changeset patch
# User Alex <alex@linuxonly.ru>
# Date 1550936745 -10800
# Node ID 6710bf86869852bb8a9946b628eff5bc1019b5aa
# Parent  e8a146d4d2ea8525301670fb48b1accfdde13ac9
Fix memory corruption because of wrong strsep() usage (Thanks to Persmule)

diff --git a/src/modules/mm06.c b/src/modules/mm06.c
--- a/src/modules/mm06.c
+++ b/src/modules/mm06.c
@@ -1552,10 +1552,12 @@
 	GVariantIter *iter;
 	guint32 locationtype;
 	GVariant *locationdata;
-	gchar *locationstring;
 	gsize strlength;
+	gchar **fragments;
+	gint i;
 	GError *error;
-			
+	const gint numbases[4] = {10, 10, 16, 16};
+	
 	if ((mmguicore == NULL) || (device == NULL)) return FALSE;
 	mmguicorelc = (mmguicore_t)mmguicore;
 	
@@ -1578,14 +1580,17 @@
 		g_variant_get(data, "(a{uv})", &iter);
 		while (g_variant_iter_next(iter, "{uv}", &locationtype, &locationdata)) {
 			if ((locationtype == MODULE_INT_MODEM_LOCATION_CAPABILITY_GSM_LAC_CI) && (locationdata != NULL)) {
-				//3GPP location
+				/*3GPP location*/
 				strlength = 256;
-				locationstring = g_strdup(g_variant_get_string(locationdata, &strlength));
-				device->loc3gppdata[0] = (guint)strtol(strsep(&locationstring, ","), NULL, 10);
-				device->loc3gppdata[1] = (guint)strtol(strsep(&locationstring, ","), NULL, 10);
-				device->loc3gppdata[2] = (guint)strtol(strsep(&locationstring, ","), NULL, 16);
-				device->loc3gppdata[3] = (guint)strtol(strsep(&locationstring, ","), NULL, 16);
-				g_free(locationstring);
+				fragments = g_strsplit(g_variant_get_string(locationdata, &strlength), ",", 4);
+				if (fragments != NULL) {
+					i = 0;
+					while ((fragments[i] != NULL) && (i < 4)) {
+						device->loc3gppdata[i] = (guint)strtoul(fragments[i], NULL, numbases[i]);
+						i++;
+					}
+					g_strfreev(fragments);
+				}
 				g_variant_unref(locationdata);
 				g_debug("3GPP location: %u, %u, %4x, %4x", device->loc3gppdata[0], device->loc3gppdata[1], device->loc3gppdata[2], device->loc3gppdata[3]);
 			}
diff --git a/src/modules/mm07.c b/src/modules/mm07.c
--- a/src/modules/mm07.c
+++ b/src/modules/mm07.c
@@ -1659,8 +1659,11 @@
 	GVariant *locationdata;
 	gchar *locationstring;
 	gsize strlength;
+	gchar **fragments;
+	gint i;
 	GError *error;
-			
+	const gint numbases[4] = {10, 10, 16, 16};
+	
 	if ((mmguicore == NULL) || (device == NULL)) return FALSE;
 	mmguicorelc = (mmguicore_t)mmguicore;
 	
@@ -1684,12 +1687,15 @@
 			if ((locationtype == MODULE_INT_MODEM_LOCATION_SOURCE_3GPP_LAC_CI) && (locationdata != NULL)) {
 				/*3GPP location*/
 				strlength = 256;
-				locationstring = g_strdup(g_variant_get_string(locationdata, &strlength));
-				device->loc3gppdata[0] = (guint)strtol(strsep(&locationstring, ","), NULL, 10);
-				device->loc3gppdata[1] = (guint)strtol(strsep(&locationstring, ","), NULL, 10);
-				device->loc3gppdata[2] = (guint)strtol(strsep(&locationstring, ","), NULL, 16);
-				device->loc3gppdata[3] = (guint)strtol(strsep(&locationstring, ","), NULL, 16);
-				g_free(locationstring);
+				fragments = g_strsplit(g_variant_get_string(locationdata, &strlength), ",", 4);
+				if (fragments != NULL) {
+					i = 0;
+					while ((fragments[i] != NULL) && (i < 4)) {
+						device->loc3gppdata[i] = (guint)strtoul(fragments[i], NULL, numbases[i]);
+						i++;
+					}
+					g_strfreev(fragments);
+				}
 				g_variant_unref(locationdata);
 				g_debug("3GPP location: %u, %u, %4x, %4x\n", device->loc3gppdata[0], device->loc3gppdata[1], device->loc3gppdata[2], device->loc3gppdata[3]);
 			} else if ((locationtype == MODULE_INT_MODEM_LOCATION_SOURCE_GPS_RAW) && (locationdata != NULL)) {
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.