From 5e53cb25a318a5dc4950a54006ffdc8b890f8f80 Mon Sep 17 00:00:00 2001
From: ffashion
Date: Fri, 1 Mar 2024 17:26:38 +0800
Subject: [PATCH] fix parse: fix read user's dlen cause seg fault
---
 src/adb/xdbd_adb.c | 18 ++++--------------
 src/adb/xdbd_adb_request.c | 15 +++++++++++++++
 src/xdbd.c | 1 +
 3 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/src/adb/xdbd_adb.c b/src/adb/xdbd_adb.c
index 7e2e8d8..ef7b84f 100644
--- a/src/adb/xdbd_adb.c
+++ b/src/adb/xdbd_adb.c
@@ -57,25 +57,17 @@ size_t xdbd_adb_read_adb_header(xdbd_adb_request_t *r) {
 int xdbd_adb_parse_adb_header(xdbd_adb_request_t *r, xdbd_buf_t *b) {
 ssize_t n;
-
+ xdbd_adb_packet_t *p;
 n = xdbd_buf_size(b);
 if (n < sizeof(xdbd_adb_header_t)) {
 return XDBD_AGAIN;
 }
- xdbd_memcpy(&r->h, b->start, sizeof(xdbd_adb_header_t));
-
- r->p = xdbd_pcalloc(r->temp_pool, sizeof(xdbd_adb_packet_t));
- if (r->p == NULL) {
- return XDBD_ERR;
- }
-
- r->p->payload = xdbd_create_buf(r->temp_pool, r->h.dlen);
- if (r->p->payload == NULL) {
- return XDBD_ERR;
- }
+ p = r->p;
+ xdbd_memcpy(&r->h, b->start, sizeof(xdbd_adb_header_t));
+ p->header = r->h;
 r->buffer->pos += sizeof(xdbd_adb_header_t);
 return XDBD_OK;
@@ -123,8 +115,6 @@ size_t xdbd_adb_read_adb_payload(xdbd_adb_request_t *r) {
 }
 int xdbd_adb_parse_adb_payload(xdbd_adb_request_t *r, xdbd_buf_t *b) {
- r->p->header = r->h;
- xdbd_buf_append_buf(r->p->payload, r->pool, b);
 xdbd_dump_adb_packet(r->pool, r->p);
diff --git a/src/adb/xdbd_adb_request.c b/src/adb/xdbd_adb_request.c
index 58d636a..7d922ee 100644
--- a/src/adb/xdbd_adb_request.c
+++ b/src/adb/xdbd_adb_request.c
@@ -1,9 +1,13 @@
+#include "adb.h"
+#include "xdbd_adb.h"
+#include "xdbd_buf.h"
 #include "xdbd_pool.h"
 #include
 #include
 xdbd_adb_request_t *xdbd_adb_create_request(xdbd_connection_t *c) {
 xdbd_adb_request_t *r;
+ xdbd_adb_packet_t *p;
 r = xdbd_pcalloc(c->pool, sizeof(xdbd_adb_request_t));
 if (r == NULL) {
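Review bot: In xdbd_adb_parse_adb_header (src/adb/xdbd_adb.c, first hunk) the header is copied straight from the peer's bytes and, in the lines shown, `r->h.dlen` is never compared with the payload buffer, which this commit fixes at ADB_MAX_PACKET_SIZE in xdbd_adb_create_request instead of sizing it from dlen. Rejecting an oversized length right after the xdbd_memcpy, e.g. `if (r->h.dlen > ADB_MAX_PACKET_SIZE) { return XDBD_ERR; }`, keeps a peer-chosen length from reaching the payload read and dump paths, which are not visible here and may trust it. The unchanged guard above it compares the signed `n` with `sizeof(...)`, so if xdbd_buf_size() can return a negative value it would be converted to a large unsigned number and pass the XDBD_AGAIN check. The function's closing lines are outside the hunk.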
@@ -17,5 +21,16 @@ xdbd_adb_request_t *xdbd_adb_create_request(xdbd_connection_t *c) {
 r->coonection = c;
+ p = xdbd_pcalloc(r->pool, sizeof(xdbd_adb_packet_t));
+ if (p == NULL) {
+ return NULL;
+ }
+
+ p->payload = xdbd_create_buf(r->pool, ADB_MAX_PACKET_SIZE);
+ if (p->payload == NULL) {
+ return NULL;
+ }
+
+ r->p = p;
 return r;
 }
diff --git a/src/xdbd.c b/src/xdbd.c
index 81be579..d597c56 100644
--- a/src/xdbd.c
+++ b/src/xdbd.c
@@ -1,3 +1,4 @@
+#include "bfdev/log.h"
 #include
 #include
 #include
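Review bot: The packet and its ADB_MAX_PACKET_SIZE payload buffer added before `return r;` in xdbd_adb_create_request are allocated once from `r->pool` and then serve every packet on the request, where the old code made a fresh pair per header from `r->temp_pool`; nothing in this commit resets the buffer when the next header is parsed. If a request can carry more than one packet, bytes from the previous payload would remain in the buffer or new data would land after them, so the payload's positions should be reset in xdbd_adb_parse_adb_header, or the assumption documented here, for example `/* p->payload is shared by all packets of this request; capacity is ADB_MAX_PACKET_SIZE */`. Each new request also reserves the full maximum up front, so confirm that cost is acceptable per connection. The lines that set `r->pool` lie between the two hunks of this file and are not shown.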