Invalid error check due to signed/unsigned confusion #780
Description
In the function _read_text_file_content_without_trailing_newline in the file
modules/afsocket/transport-unix-socket.c
there is a bug in the error check.
The code sets content_len to the return value of _read_text_file_content. That function returns -1 in case of an error. Then there is a check for (content_len <= 0).
The problem: cotent_len is of type gsize (unsigned), while _read_text_file_content returns gssize (signed). If it returns -1 this can't be stored in conten_len and will underflow, thus the error check will be skipped.
This causes some invalid memory reads which I detected with Address Sanitizer.
To fix this content_len must also be gssize (signed), so it can be -1. This patch (also attached) will fix it:
a/modules/afsocket/transport-unix-socket.c 2015-10-27 09:08:53.000000000 +0100
+++ b/modules/afsocket/transport-unix-socket.c 2015-11-11 17:30:21.019247981 +0100
@@ -86,7 +86,7 @@
static gssize
_read_text_file_content_without_trailing_newline(const gchar *filename, gchar *buf, gsize buflen)
{
- gsize content_len;
+ gssize content_len;
content_len = _read_text_file_content(filename, buf, buflen);
if (content_len <= 0)