From: Simon McVittie
Date: Mon, 12 Sep 2022 12:33:52 +0000 (+0100)
Subject: dbus-marshal-basic: Assert that we are in-bounds after skipping items
X-Git-Tag: dbus-1.15.4~39^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ba1cf69f38be890320a37b5929392a5795c97c07;p=thirdparty%2Fdbus.git

dbus-marshal-basic: Assert that we are in-bounds after skipping items

We recommend disabling assertions in production builds of dbus, so it is "cheap" to add them even in relatively fast-path locations.

Signed-off-by: Simon McVittie
---
diff --git a/dbus/dbus-marshal-basic.c b/dbus/dbus-marshal-basic.c
index 3b22aa70b..6ebe5bd36 100644
--- a/dbus/dbus-marshal-basic.c
+++ b/dbus/dbus-marshal-basic.c
@@ -1193,6 +1193,10 @@ _dbus_marshal_skip_basic (const DBusString *str,
 _dbus_assert_not_reached ("not a basic type");
 break;
 }
+
+ /* We had better still be in-bounds at this point (pointing either into
+ * the content of the string, or 1 past the logical length of the string) */
+ _dbus_assert (*pos <= _dbus_string_get_length (str));
 }

 /**
@@ -1230,6 +1234,10 @@ _dbus_marshal_skip_array (const DBusString *str,

 /* Skip the actual array data */
 *pos = i + array_len;
+
+ /* We had better still be in-bounds at this point (pointing either into
+ * the content of the string, or 1 past the logical length of the string) */
+ _dbus_assert (*pos <= _dbus_string_get_length (str));
 }

 /**
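Review bot: The assertion added at the end of `_dbus_marshal_skip_basic` is compiled out when assertions are disabled, which the commit message recommends for production builds, so it records an invariant rather than enforcing a bound on `*pos`. The comment above it should say so, for example `/* Debug-only invariant: callers must pass data that has already been validated; this is not a bounds check in builds without assertions */`, so that nobody later treats it as input validation. The same wording applies to the identical assertion added in `_dbus_marshal_skip_array`. The function body starts outside the hunk, so whether every caller validates first cannot be confirmed from here.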
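Review bot: The new assertion in `_dbus_marshal_skip_array` checks only the upper bound, and it runs after `*pos = i + array_len;` has already been computed from a length that appears to come from the marshalled data. If that sum wraps or ends up negative, the comparison against the string length would still pass; the types of `i`, `array_len` and `*pos` are declared outside the hunk, so this is an assumption to confirm. Asserting the lower bound as well would catch that case: `_dbus_assert (*pos >= i && *pos <= _dbus_string_get_length (str));`.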