From af6139da08438925f76219e19b309aaf6ed88454 Mon Sep 17 00:00:00 2001
From: Claudia Pellegrino
Date: Mon, 8 Jan 2024 09:59:06 +0100
Subject: [PATCH] Fix segfault if file descriptor unavailable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The `get_java_var_long` function returns 0 in several failure modes, e.g. if a file descriptor is unavailable. [1]

However, one of the call sites is missing the result check, which causes a JVM segfault if the return value is 0.

The segfault occurs on dereferencing the pointer: [2]

```c
eis->eventflags[SPE_DATA_AVAILABLE]
```

Add a result value check, throwing a proper IOException if it is 0.

See also similar issue #59. [3]

Fixes #112 [4], #136 [5] and #242 [6].

[1]: https://github.com/NeuronRobotics/nrjavaserial/blob/0df8b60485a56d7698b71183237b5615d02a8194/src/main/c/src/SerialImp.c#L5137-L5142
[2]: https://github.com/NeuronRobotics/nrjavaserial/blob/0df8b60485a56d7698b71183237b5615d02a8194/src/main/c/src/SerialImp.c#L3085
[3]: https://github.com/NeuronRobotics/nrjavaserial/issues/59
[4]: https://github.com/NeuronRobotics/nrjavaserial/issues/112
[5]: https://github.com/NeuronRobotics/nrjavaserial/issues/136
[6]: https://github.com/NeuronRobotics/nrjavaserial/issues/242

Reported-by: Alex Vasiliev <@alex-vas>
Reported-by: Łukasz Dywicki
Reported-by: Jose Pacelli
Reported-by: Frank Hartwig
---
 src/main/c/src/SerialImp.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/main/c/src/SerialImp.c b/src/main/c/src/SerialImp.c
index 4fca01d..3b7c5e2 100644
--- a/src/main/c/src/SerialImp.c
+++ b/src/main/c/src/SerialImp.c
@@ -3081,6 +3081,11 @@ int read_byte_array( JNIEnv *env, struct event_info_struct *eis = ( struct event_info_struct * ) get_java_var_long( env, *jobj,"eis","J" ); + if (eis == NULL) { + throw_java_exception(env, IO_EXCEPTION, "read_byte_array", + "Unable to read byte array"); + return -1; + } report_time_start(); flag = eis->eventflags[SPE_DATA_AVAILABLE]; eis->eventflags[SPE_DATA_AVAILABLE] = 0;
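
Review bot: the message passed to `throw_java_exception` in the new `eis == NULL` branch of `read_byte_array`, "Unable to read byte array", does not say why the read failed. The commit message identifies the cause as `get_java_var_long` returning 0 for the `eis` field (for example when the file descriptor is unavailable), so a message that names the missing `eis` handle would make the resulting IOException diagnosable from a stack trace alone. The early `return -1;` also leaves a Java exception pending, so it is worth confirming that every caller of `read_byte_array` treats a negative result as a stop condition, neither raising a second exception nor going on to use the buffer. As a style point, the surrounding lines pad the inside of parentheses (`get_java_var_long( env, *jobj,"eis","J" )`), so `if ( eis == NULL )` would match the file. Placing the check before `report_time_start()` and before the first `eis->eventflags[SPE_DATA_AVAILABLE]` access is correct.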