Redundant variable generated in deserialize operation, deserialize result not checked #3133

Open
jwillemsen opened this issue Nov 3, 2021 · 1 comment

Comments

@jwillemsen
Member

See the generated dds/DCPS/RTPS/RtpsCoreTypeSupportImpl.cpp: it contains the following operation. Note that tempvar is generated on the stack and its length is set, but it is not used at all. Also, the return value of strm >> tempvar_9tmp_9var_forany is not checked.

bool operator>>(Serializer& strm,  ::OpenDDS::RTPS::FilterSignatureSeq& seq)
{
  ACE_UNUSED_ARG(strm);
  ACE_UNUSED_ARG(seq);
  const Encoding& encoding = strm.encoding();
  ACE_UNUSED_ARG(encoding);
  size_t total_size = 0;
  if (encoding.xcdr_version() == Encoding::XCDR_VERSION_2) {
    if (!strm.read_delimiter(total_size)) {
      return false;
    }
  }
  const size_t end_of_seq = strm.rpos() + total_size;
  CORBA::ULong length;
  if (!(strm >> length)) {
    return false;
  }
  if (length > strm.length()) {
    if (DCPS_debug_level >= 8) {
      ACE_DEBUG((LM_DEBUG, ACE_TEXT("(%P|%t) Invalid sequence length (%u)\n"), length));
    }
    return false;
  }
  CORBA::ULong new_length = length;
  seq.length(new_length);
  for (CORBA::ULong i = 0; i < new_length; ++i) {
     ::OpenDDS::RTPS::FilterSignature_t_var seq_i_tmp_var=  ::OpenDDS::RTPS::FilterSignature_t_alloc();
     ::OpenDDS::RTPS::FilterSignature_t_forany seq_9i_9tmp_9var_forany = seq_i_tmp_var.inout();
     if (!(strm >> seq_9i_9tmp_9var_forany)) {
      strm.set_construction_status(Serializer::ElementConstructionFailure);
      if (encoding.xcdr_version() == Encoding::XCDR_VERSION_2) {
        strm.skip(end_of_seq - strm.rpos());
      } else {
         ::OpenDDS::RTPS::FilterSignatureSeq tempvar;
        tempvar.length(1);
        for (CORBA::ULong j = i + 1; j < length; ++j) {
           ::OpenDDS::RTPS::FilterSignature_t_var tempvar_tmp_var=  ::OpenDDS::RTPS::FilterSignature_t_alloc();
           ::OpenDDS::RTPS::FilterSignature_t_forany tempvar_9tmp_9var_forany = tempvar_tmp_var.inout();
          strm >> tempvar_9tmp_9var_forany;
        }
      }
      return false;
    }
     ::OpenDDS::RTPS::FilterSignature_t_copy(seq[i], seq_i_tmp_var.in());
  }
  if (new_length != length) {
    if (encoding.xcdr_version() == Encoding::XCDR_VERSION_2) {
      strm.skip(end_of_seq - strm.rpos());
    } else {
       ::OpenDDS::RTPS::FilterSignatureSeq tempvar;
      tempvar.length(1);
      for (CORBA::ULong j = new_length + 1; j < length; ++j) {
         ::OpenDDS::RTPS::FilterSignature_t_var tempvar_tmp_var=  ::OpenDDS::RTPS::FilterSignature_t_alloc();
         ::OpenDDS::RTPS::FilterSignature_t_forany tempvar_9tmp_9var_forany = tempvar_tmp_var.inout();
        strm >> tempvar_9tmp_9var_forany;
      }
    }
    strm.set_construction_status(Serializer::BoundConstructionFailure);
    return false;
  }
  return true;
}

@mitza-oci
Member

If deserialization fails and strm.set_construction_status(Serializer::ElementConstructionFailure); is reached, the method returns false and both the stream position and the rhs object are not used.
