Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

hawkbit-client: do not pass NULL format to g_strdup_vprintf() in build_api_url() #115

Merged
merged 1 commit into from
Nov 17, 2021
Merged

hawkbit-client: do not pass NULL format to g_strdup_vprintf() in build_api_url() #115

merged 1 commit into from
Nov 17, 2021

Conversation

Bastian-Krause
Copy link
Member

@Bastian-Krause Bastian-Krause commented Nov 16, 2021
edited
Loading

build_api_url() can be called with NULL to get the base deployment URL. Passing NULL as a format argument to g_strdup_vprintf() returns NULL if GLIB_USING_SYSTEM_PRINTF is defined, otherwise it leads to a segmentation
fault. The format argument is explicitly documented as "not nullable", so we rely on undefined behavior here.

Skip over va_start(), g_strdup_vprintf(), va_end() for path=NULL to fix that.

@Bastian-Krause
Copy link
Member Author

Force-pushed:

  • adjusted commit message with recent information about GLIB_USING_SYSTEM_PRINTF.

@Bastian-Krause
hawkbit-client: do not pass NULL format to g_strdup_vprintf() in buil…
439feee 
…d_api_url()

build_api_url() can be called with NULL to get the base deployment URL.
Passing NULL as a format argument to g_strdup_vprintf() returns NULL if
GLIB_USING_SYSTEM_PRINTF is defined, otherwise it leads to a segmentation
fault. The format argument is explicitly documented as "not nullable",
so we rely on undefined behavior here.

Skip over va_start(), g_strdup_vprintf(), va_end() for path=NULL to fix
that.

Signed-off-by: Bastian Krause <bst@pengutronix.de>
ejoerns
ejoerns approved these changes Nov 17, 2021
View reviewed changes
Copy link
Member

@ejoerns ejoerns left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch and investigation 👍

@ejoerns ejoerns merged commit 9554871 into rauc:master Nov 17, 2021
@Bastian-Krause Bastian-Krause deleted the bst/fix-build-api-url branch November 17, 2021 11:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ejoerns ejoerns ejoerns approved these changes

Assignees
No one assigned
Labels
bugfix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Bastian-Krause @ejoerns