implemented addtional command checks to prevent segfaults

marazmista · Jan 24, 2019 · 992f4b2 · 992f4b2
1 parent 8c57079
commit 992f4b2
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 4 deletions.
diff --git a/radeon-profile-daemon/rpdthread.cpp b/radeon-profile-daemon/rpdthread.cpp
@@ -63,6 +63,7 @@ void rpdThread::onTimer() {
 //
 // 4 - start timer with given interval
 // 5 - stop timer
+// 6 - shared mem key
 void rpdThread::performTask(const QString &signal) {
  qDebug() << "Performing task: " << signal;
 
@@ -71,7 +72,9 @@ void rpdThread::performTask(const QString &signal) {
  return;
  }
 
- QStringList instructions = signal.split(SEPARATOR, QString::SkipEmptyParts);
+ QStringList instructions = signal.split(SEPARATOR);
+ instructions.removeLast();
+
  int size = instructions.size();
 
  // Cycle through instructions
@@ -84,6 +87,11 @@ void rpdThread::performTask(const QString &signal) {
  case SIGNAL_CONFIG:
  qDebug() << "Elaborating a CONFIG signal";
 
+ if (!checkRequiredCommandLength(1, index, size)) {
+ qCritical() << "Invalid command! (index out of bounds)";
+ return;
+ }
+
  if (!configure(instructions[++index]))
  qWarning() << "Configuration failed.";
 
@@ -98,9 +106,10 @@ void rpdThread::performTask(const QString &signal) {
  // SIGNAL_SET_VALUE + SEPARATOR + VALUE + SEPARATOR + PATH + SEPARATOR
  case SIGNAL_SET_VALUE: {
  qDebug() << "Elaborating a SET_VALUE signal";
- if (index > (size - 1)) {
- qWarning() << "Received a SET_VALUE signal with no path: " << signal;
- break;
+
+ if (!checkRequiredCommandLength(2, index, size)) {
+ qCritical() << "Invalid command! (index out of bounds)";
+ return;
  }
 
  const QString value = instructions[++index],
@@ -113,6 +122,12 @@ void rpdThread::performTask(const QString &signal) {
  // SIGNAL_TIMER_ON + SEPARATOR + INTERVAL + SEPARATOR
  case SIGNAL_TIMER_ON: {
  qDebug() << "Elaborating a TIMER_ON signal";
+
+ if (!checkRequiredCommandLength(1, index, size)) {
+ qCritical() << "Invalid command! (index out of bounds)";
+ return;
+ }
+
  int inputMillis = instructions[++index].toInt(); // Seconds integer
 
  if (inputMillis < 1) {
@@ -132,6 +147,12 @@ void rpdThread::performTask(const QString &signal) {
  break;
 
  case SIGNAL_SHAREDMEM_KEY: {
+
+ if (!checkRequiredCommandLength(1, index, size)) {
+ qCritical() << "Invalid command! (index out of bounds)";
+ return;
+ }
+
  QString key = instructions[++index];
  qDebug() << "Shared memory key: " << key;
  configureSharedMem(key);
@@ -145,6 +166,13 @@ void rpdThread::performTask(const QString &signal) {
  }
 }
 
+bool rpdThread::checkRequiredCommandLength(unsigned required, unsigned currentIndex, unsigned size) {
+ if (size <= currentIndex + required)
+ return false;
+
+ return true;
+}
+
 bool rpdThread::configure(const QString &filePath) {
  if (!filePath.startsWith("/sys/kernel/debug/dri/")) {
  // The file path is not in whitelisted directories

diff --git a/radeon-profile-daemon/rpdthread.h b/radeon-profile-daemon/rpdthread.h
@@ -65,6 +65,7 @@ public slots:
  void performTask(const QString &signal);
  bool configure(const QString &filePath);
  void configureSharedMem(const QString &key);
+ bool checkRequiredCommandLength(unsigned required, unsigned currentIndex, unsigned size);
 };
 
 #endif // RPDTHREAD_H