[gbinder] Remove unnecessary checks for NULL. JB#61912

And fix potential use after free.
2024-04-11 03:26:17 +03:00 · 2024-04-11 03:26:17 +03:00 · 3e0d0005ce
parent 29718f921f
commit 3e0d0005ce
5 changed files with 26 additions and 35 deletions
--- a/src/gbinder_driver.c
+++ b/src/gbinder_driver.c
@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2018-2022 Jolla Ltd.
- * Copyright (C) 2018-2022 Slava Monich <slava.monich@jolla.com>
+ * Copyright (C) 2018-2024 Slava Monich <slava@monich.com>
 *
 * You may use this file under the terms of BSD license as follows:
 *
@ -813,7 +813,7 @@ gbinder_driver_txstatus(
            gbinder_driver_verbose_transaction_data("BR_REPLY", &tx);

            /* Transfer data ownership to the reply */
-            if (tx.data && tx.size) {
+            if (tx.data && tx.size && reply) {
                GBinderBuffer* buf = gbinder_buffer_new(self,
                    tx.data, tx.size, tx.objects);

--- a/src/gbinder_remote_reply.c
+++ b/src/gbinder_remote_reply.c
@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2018-2022 Jolla Ltd.
- * Copyright (C) 2018-2022 Slava Monich <slava.monich@jolla.com>
+ * Copyright (C) 2018-2024 Slava Monich <slava@monich.com>
 *
 * You may use this file under the terms of BSD license as follows:
 *
@ -73,15 +73,12 @@ gbinder_remote_reply_set_data(
    GBinderRemoteReply* self,
    GBinderBuffer* buffer)
 {
-    if (G_LIKELY(self)) {
-        GBinderReaderData* data = &self->data;
+    /* The caller checks the pointer for NULL */
+    GBinderReaderData* data = &self->data;

-        gbinder_buffer_free(data->buffer);
-        data->buffer = buffer;
-        data->objects = gbinder_buffer_objects(buffer);
-    } else {
-        gbinder_buffer_free(buffer);
-    }
+    gbinder_buffer_free(data->buffer);
+    data->buffer = buffer;
+    data->objects = gbinder_buffer_objects(buffer);
 }

 GBinderRemoteReply*
--- a/src/gbinder_remote_request.c
+++ b/src/gbinder_remote_request.c
@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2018-2021 Jolla Ltd.
- * Copyright (C) 2018-2021 Slava Monich <slava.monich@jolla.com>
+ * Copyright (C) 2018-2024 Slava Monich <slava@monich.com>
 *
 * You may use this file under the terms of BSD license as follows:
 *
@ -162,29 +162,25 @@ gbinder_remote_request_set_data(
    guint32 txcode,
    GBinderBuffer* buffer)
 {
+    /* The caller never passes NULL req */
    GBinderRemoteRequestPriv* self = gbinder_remote_request_cast(req);
+    GBinderReaderData* data = &self->data;
+    GBinderReader reader;

-    if (G_LIKELY(self)) {
-        GBinderReaderData* data = &self->data;
-        GBinderReader reader;
+    g_free(self->iface2);
+    gbinder_buffer_free(data->buffer);
+    data->buffer = buffer;
+    data->objects = gbinder_buffer_objects(buffer);

-        g_free(self->iface2);
-        gbinder_buffer_free(data->buffer);
-        data->buffer = buffer;
-        data->objects = gbinder_buffer_objects(buffer);
-
-        /* Parse RPC header */
-        gbinder_remote_request_init_reader2(self, &reader);
-        self->iface = self->protocol->read_rpc_header(&reader, txcode,
-            &self->iface2);
-        if (self->iface) {
-            self->header_size = gbinder_reader_bytes_read(&reader);
-        } else {
-            /* No RPC header */
-            self->header_size = 0;
-        }
+    /* Parse RPC header */
+    gbinder_remote_request_init_reader2(self, &reader);
+    self->iface = self->protocol->read_rpc_header(&reader, txcode,
+        &self->iface2);
+    if (self->iface) {
+        self->header_size = gbinder_reader_bytes_read(&reader);
    } else {
-        gbinder_buffer_free(buffer);
+        /* No RPC header */
+        self->header_size = 0;
    }
 }

--- a/unit/unit_remote_reply/unit_remote_reply.c
+++ b/unit/unit_remote_reply/unit_remote_reply.c
@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2018-2022 Jolla Ltd.
- * Copyright (C) 2018-2022 Slava Monich <slava.monich@jolla.com>
+ * Copyright (C) 2018-2024 Slava Monich <slava@monich.com>
 *
 * You may use this file under the terms of BSD license as follows:
 *
@ -95,7 +95,6 @@ test_null(

    g_assert(!gbinder_remote_reply_ref(NULL));
    gbinder_remote_reply_unref(NULL);
-    gbinder_remote_reply_set_data(NULL, NULL);
    gbinder_remote_reply_init_reader(NULL, &reader);
    g_assert(gbinder_reader_at_end(&reader));
    g_assert(gbinder_remote_reply_is_empty(NULL));
--- a/unit/unit_remote_request/unit_remote_request.c
+++ b/unit/unit_remote_request/unit_remote_request.c
@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2018-2023 Slava Monich <slava@monich.com>
+ * Copyright (C) 2018-2024 Slava Monich <slava@monich.com>
 * Copyright (C) 2018-2022 Jolla Ltd.
 *
 * You may use this file under the terms of BSD license as follows:
@ -74,7 +74,6 @@ test_null(

    g_assert(!gbinder_remote_request_ref(NULL));
    gbinder_remote_request_unref(NULL);
-    gbinder_remote_request_set_data(NULL, 0, NULL);
    gbinder_remote_request_init_reader(NULL, &reader);
    gbinder_remote_request_block(NULL);
    gbinder_remote_request_complete(NULL, NULL, 0);