Skip to content

Commit

Permalink
Fix segfault if file descriptor unavailable
Browse files Browse the repository at this point in the history
The `get_java_var_long` function returns 0 in several failure modes,
e.g. if a file descriptor is unavailable. [1]

However, one of the call sites is missing the result check, which causes
a JVM segfault if the return value is 0. The segfault occurs on
dereferencing the pointer: [2]

```c
eis->eventflags[SPE_DATA_AVAILABLE]
```

Add a result value check, throwing a proper IOException if it is 0.

See also similar issue NeuronRobotics#59. [3]

Fixes NeuronRobotics#112 [4], NeuronRobotics#136 [5] and NeuronRobotics#242 [6].

[1]: https://github.com/NeuronRobotics/nrjavaserial/blob/0df8b60485a56d7698b71183237b5615d02a8194/src/main/c/src/SerialImp.c#L5137-L5142
[2]: https://github.com/NeuronRobotics/nrjavaserial/blob/0df8b60485a56d7698b71183237b5615d02a8194/src/main/c/src/SerialImp.c#L3085
[3]: NeuronRobotics#59
[4]: NeuronRobotics#112
[5]: NeuronRobotics#136
[6]: NeuronRobotics#242

Reported-by: Alex Vasiliev <@alex-vas>
Reported-by: Łukasz Dywicki <luke@code-house.org>
Reported-by: Jose Pacelli <josepacelli@gmail.com>
Reported-by: Frank Hartwig <frank.fr.hartwig@deutschebahn.com>
  • Loading branch information
Claudia Pellegrino authored and Claudia Pellegrino committed Jan 8, 2024
1 parent 0df8b60 commit af6139d
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions src/main/c/src/SerialImp.c
Original file line number Diff line number Diff line change
Expand Up @@ -3081,6 +3081,11 @@ int read_byte_array( JNIEnv *env,
struct event_info_struct *eis = ( struct event_info_struct * )
get_java_var_long( env, *jobj,"eis","J" );

if (eis == NULL) {
throw_java_exception(env, IO_EXCEPTION, "read_byte_array",
"Unable to read byte array");
return -1;
}
report_time_start();
flag = eis->eventflags[SPE_DATA_AVAILABLE];
eis->eventflags[SPE_DATA_AVAILABLE] = 0;
Expand Down

0 comments on commit af6139d

Please sign in to comment.