Bug 72298 - ensure DBusError is set if _dbus_read_nonce() returns FALSE
Summary: ensure DBusError is set if _dbus_read_nonce() returns FALSE
Status: RESOLVED FIXED
Alias: None
Product: dbus
Classification: Unclassified
Component: core (show other bugs)
Version: 1.5
Hardware: Other All
: medium normal
Assignee: Havoc Pennington
QA Contact:
URL:
Whiteboard: review?
Keywords: patch
Depends on:
Blocks:
 
Reported: 2013-12-04 09:07 UTC by Chengwei Yang
Modified: 2014-01-06 16:31 UTC (History)
1 user (show)

See Also:
i915 platform:
i915 features:

Attachments
[PATCH] Ensure DBusError is set if _dbus_read_nonce() fail (1.28 KB, patch)
2013-12-04 09:11 UTC, Chengwei Yang 		Details | Splinter Review
[PATCH v2] Ensure DBusError is set if _dbus_read_nonce() fail (1.25 KB, patch)
2013-12-06 02:57 UTC, Chengwei Yang 		Details | Splinter Review
View All

Description Chengwei Yang 2013-12-04 09:07:38 UTC 
in _dbus_send_nonce() which has code like below.

  read_result = _dbus_read_nonce (noncefile, &nonce, error);
  if (!read_result)
    {
      _DBUS_ASSERT_ERROR_IS_SET (error);
      _dbus_string_free (&nonce);
      return FALSE;
    }

However, _dbus_read_nonce() may return FALSE if the fopen() noncefile failed. So this will cause _DBUS_ASSERT_ERROR_IS_SET (error); fail and the coredump.
Comment 1 Chengwei Yang 2013-12-04 09:11:50 UTC 
Created attachment 90209 [details] [review]
[PATCH] Ensure DBusError is set if _dbus_read_nonce() fail

In _dbus_send_nonce() which call in _dbus_read_nonce() and assert on an
error is set if _dbus_read_nonce() fail. However, in _dbus_read_nonce(),
it may fail on fopen() and left error is unset. This will crash us if
assertions hasn't been disabled.
Comment 2 Simon McVittie 2013-12-04 12:45:59 UTC 
Comment on attachment 90209 [details] [review]
[PATCH] Ensure DBusError is set if _dbus_read_nonce() fail

Review of attachment 90209 [details] [review]:
-----------------------------------------------------------------

Well spotted, but I'd prefer to set a better error.

::: dbus/dbus-nonce.c
@@ +112,4 @@
>  
>  
>    fp = fopen (_dbus_string_get_const_data (fname), "rb");
> +  if (!fp || !(nread = fread (buffer, 1, sizeof buffer - 1, fp)))

I feel as though the !fp case ought to use errno and _dbus_strerror; perhaps even the function whose name I can't remember that turns a system errno into a DBusError name.

Style: I usually prefer to treat assignments as statements rather than using them as rvalues (with occasional exceptions for "for" and "while" loops) - I think

    temp = thing ();

    if (!temp)
      {
        error ();
        return;
      }

    do_something (temp);

is clearer than

    if (!(temp = thing ()))
      {
        error ();
        return;
      }

    do_something (temp);

@@ +116,2 @@
>      {
>        dbus_set_error (error, DBUS_ERROR_FILE_NOT_FOUND, "Could not read nonce from file %s", _dbus_string_get_const_data (fname));

Strictly speaking, FILE_NOT_FOUND is not the right error for the existing "!nread" case anyway: if we successfully opened the file but could not read any bytes from it, that's not "file not found".
Comment 3 Chengwei Yang 2013-12-04 13:03:06 UTC 
(In reply to comment #2)
> Comment on attachment 90209 [details] [review] [review]
> [PATCH] Ensure DBusError is set if _dbus_read_nonce() fail
> 
> Review of attachment 90209 [details] [review] [review]:
> -----------------------------------------------------------------
> 
> Well spotted, but I'd prefer to set a better error.
> 
> ::: dbus/dbus-nonce.c
> @@ +112,4 @@
> >  
> >  
> >    fp = fopen (_dbus_string_get_const_data (fname), "rb");
> > +  if (!fp || !(nread = fread (buffer, 1, sizeof buffer - 1, fp)))
> 
> I feel as though the !fp case ought to use errno and _dbus_strerror; perhaps
> even the function whose name I can't remember that turns a system errno into
> a DBusError name.

Yes, it's _dbus_error_from_errno()

> 
> Style: I usually prefer to treat assignments as statements rather than using
> them as rvalues (with occasional exceptions for "for" and "while" loops) - I
> think
> 
>     temp = thing ();
> 
>     if (!temp)
>       {
>         error ();
>         return;
>       }
> 
>     do_something (temp);
> 
> is clearer than
> 
>     if (!(temp = thing ()))
>       {
>         error ();
>         return;
>       }
> 
>     do_something (temp);
> 

sure, definitely agree.

> @@ +116,2 @@
> >      {
> >        dbus_set_error (error, DBUS_ERROR_FILE_NOT_FOUND, "Could not read nonce from file %s", _dbus_string_get_const_data (fname));
> 
> Strictly speaking, FILE_NOT_FOUND is not the right error for the existing
> "!nread" case anyway: if we successfully opened the file but could not read
> any bytes from it, that's not "file not found".

Yes, I original though I may add a new ERROR type, but then I though "Could not read nonce from file %s" is well enough to cover the file can not open. :-).
Comment 4 Chengwei Yang 2013-12-06 02:57:11 UTC 
Created attachment 90329 [details] [review]
[PATCH v2] Ensure DBusError is set if _dbus_read_nonce() fail

In _dbus_send_nonce() which call in _dbus_read_nonce() and assert on an
error is set if _dbus_read_nonce() fail. However, in _dbus_read_nonce(),
it may fail on fopen() and left error is unset. This will crash us if
assertions hasn't been disabled.

This patch doesn't add any new DBUS_ERROR_, as I saw that the error may happen mostly ENOENT, EACCESS are already here.
Comment 5 Simon McVittie 2013-12-06 13:05:04 UTC 
Comment on attachment 90329 [details] [review]
[PATCH v2] Ensure DBusError is set if _dbus_read_nonce() fail

Review of attachment 90329 [details] [review]:
-----------------------------------------------------------------

Looks good, thanks
Comment 6 Simon McVittie 2014-01-06 16:31:25 UTC 
Fixed in git for 1.7.10, thanks

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.