/** * Appends an integer to a DBusString. * * @param str the string * @param value the integer value * @returns #FALSE if not enough memory or other failure. */ dbus_bool_t _dbus_string_append_int (DBusString *str, long value) { /* this calculation is from comp.lang.c faq */ #define MAX_LONG_LEN ((sizeof (long) * 8 + 2) / 3 + 1) /* +1 for '-' */ int orig_len; int i; char *buf; orig_len = _dbus_string_get_length (str); if (!_dbus_string_lengthen (str, MAX_LONG_LEN)) return FALSE; buf = _dbus_string_get_data_len (str, orig_len, MAX_LONG_LEN); snprintf (buf, MAX_LONG_LEN, "%ld", value); i = 0; while (*buf) { ++buf; ++i; } _dbus_string_shorten (str, MAX_LONG_LEN - i); return TRUE; }
/** * Appends an unsigned integer to a DBusString. * * @param str the string * @param value the integer value * @returns #FALSE if not enough memory or other failure. */ dbus_bool_t _dbus_string_append_uint (DBusString *str, unsigned long value) { /* this is wrong, but definitely on the high side. */ #define MAX_ULONG_LEN (MAX_LONG_LEN * 2) int orig_len; int i; char *buf; orig_len = _dbus_string_get_length (str); if (!_dbus_string_lengthen (str, MAX_ULONG_LEN)) return FALSE; buf = _dbus_string_get_data_len (str, orig_len, MAX_ULONG_LEN); snprintf (buf, MAX_ULONG_LEN, "%lu", value); i = 0; while (*buf) { ++buf; ++i; } _dbus_string_shorten (str, MAX_ULONG_LEN - i); return TRUE; }
/** * Appends a double to a DBusString. * * @param str the string * @param value the floating point value * @returns #FALSE if not enough memory or other failure. */ dbus_bool_t _dbus_string_append_double (DBusString *str, double value) { #define MAX_DOUBLE_LEN 64 /* this is completely made up :-/ */ int orig_len; char *buf; int i; orig_len = _dbus_string_get_length (str); if (!_dbus_string_lengthen (str, MAX_DOUBLE_LEN)) return FALSE; buf = _dbus_string_get_data_len (str, orig_len, MAX_DOUBLE_LEN); snprintf (buf, MAX_LONG_LEN, "%g", value); i = 0; while (*buf) { ++buf; ++i; } _dbus_string_shorten (str, MAX_DOUBLE_LEN - i); return TRUE; }
static dbus_bool_t reserve_header_padding (DBusHeader *header) { _dbus_assert (header->padding <= MAX_POSSIBLE_HEADER_PADDING); if (!_dbus_string_lengthen (&header->data, MAX_POSSIBLE_HEADER_PADDING - header->padding)) return FALSE; header->padding = MAX_POSSIBLE_HEADER_PADDING; return TRUE; }
/** * Thin wrapper around the read() system call that appends * the data it reads to the DBusString buffer. It appends * up to the given count. * * @param hnd the HANDLE to read from * @param buffer the buffer to append data to * @param count the amount of data to read * @param error place to set an error * @returns the number of bytes read or -1 */ static int _dbus_file_read (HANDLE hnd, DBusString *buffer, int count, DBusError *error) { BOOL result; DWORD bytes_read; int start; char *data; _DBUS_ASSERT_ERROR_IS_CLEAR (error); _dbus_assert (count >= 0); start = _dbus_string_get_length (buffer); if (!_dbus_string_lengthen (buffer, count)) { dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); return -1; } data = _dbus_string_get_data_len (buffer, start, count); result = ReadFile (hnd, data, count, &bytes_read, NULL); if (result == 0) { char *emsg = _dbus_win_error_string (GetLastError ()); dbus_set_error (error, _dbus_win_error_from_last_error (), "Failed to read from 0x%x: %s", hnd, emsg); _dbus_win_free_error_string (emsg); return -1; } if (bytes_read) { /* put length back (doesn't actually realloc) */ _dbus_string_set_length (buffer, start + bytes_read); #if 0 if (bytes_read > 0) _dbus_verbose_bytes_of_string (buffer, start, bytes_read); #endif } return bytes_read; }
static void randomly_shorten_or_lengthen (const DBusString *orig_data, DBusString *mutated) { int delta; if (orig_data != mutated) { _dbus_string_set_length (mutated, 0); if (!_dbus_string_copy (orig_data, 0, mutated, 0)) _dbus_assert_not_reached ("out of mem"); } if (_dbus_string_get_length (mutated) == 0) delta = random_int_in_range (0, 10); else delta = random_int_in_range (- _dbus_string_get_length (mutated), _dbus_string_get_length (mutated) * 3); if (delta < 0) _dbus_string_shorten (mutated, - delta); else if (delta > 0) { int i = 0; i = _dbus_string_get_length (mutated); if (!_dbus_string_lengthen (mutated, delta)) _dbus_assert_not_reached ("couldn't lengthen string"); while (i < _dbus_string_get_length (mutated)) { _dbus_string_set_byte (mutated, i, random_int_in_range (0, 256)); ++i; } } }
static dbus_bool_t generate_wrong_length (DBusMessageDataIter *iter, DBusString *data, DBusValidity *expected_validity) { int lengths[] = { -42, -17, -16, -15, -9, -8, -7, -6, -5, -4, -3, -2, -1, 1, 2, 3, 4, 5, 6, 7, 8, 9, 15, 16, 30 }; int adjust; int len_seq; restart: len_seq = iter_get_sequence (iter); if (len_seq == _DBUS_N_ELEMENTS (lengths)) return FALSE; _dbus_assert (len_seq < _DBUS_N_ELEMENTS (lengths)); iter_recurse (iter); if (!generate_many_bodies (iter, data, expected_validity)) { iter_set_sequence (iter, 0); /* reset to first body */ iter_unrecurse (iter); iter_next (iter); /* next length adjustment */ goto restart; } iter_unrecurse (iter); adjust = lengths[len_seq]; if (adjust < 0) { if ((_dbus_string_get_length (data) + adjust) < DBUS_MINIMUM_HEADER_SIZE) _dbus_string_set_length (data, DBUS_MINIMUM_HEADER_SIZE); else _dbus_string_shorten (data, - adjust); *expected_validity = DBUS_INVALID_FOR_UNKNOWN_REASON; } else { if (!_dbus_string_lengthen (data, adjust)) _dbus_assert_not_reached ("oom"); *expected_validity = DBUS_INVALID_TOO_MUCH_DATA; } /* Fixup lengths */ { int old_body_len; int new_body_len; int byte_order; _dbus_assert (_dbus_string_get_length (data) >= DBUS_MINIMUM_HEADER_SIZE); byte_order = _dbus_string_get_byte (data, BYTE_ORDER_OFFSET); old_body_len = _dbus_marshal_read_uint32 (data, BODY_LENGTH_OFFSET, byte_order, NULL); _dbus_assert (old_body_len < _dbus_string_get_length (data)); new_body_len = old_body_len + adjust; if (new_body_len < 0) { new_body_len = 0; /* we just munged the header, and aren't sure how */ *expected_validity = DBUS_VALIDITY_UNKNOWN; } _dbus_verbose ("changing body len from %u to %u by adjust %d\n", old_body_len, new_body_len, adjust); _dbus_marshal_set_uint32 (data, BODY_LENGTH_OFFSET, new_body_len, byte_order); } return TRUE; }