From: Narasimha S. <nsh...@us...> - 2012-03-08 06:26:25
Update of /cvsroot/sblim/sfcb In directory vz-cvs-3.sog:/tmp/cvs-serv15710 Modified Files: objectImpl.c Log Message: [3471814] segfault in objectImpl.c:131,ClObjectGetClString
Index: objectImpl.c
===================================================================
RCS file: /cvsroot/sblim/sfcb/objectImpl.c,v
retrieving revision 1.53
retrieving revision 1.54
diff -u -d -r1.53 -r1.54
--- objectImpl.c 21 Jun 2011 22:15:09 -0000 1.53
+++ objectImpl.c 8 Mar 2012 06:26:23 -0000 1.54
@@ -483,6 +483,63 @@
 _SFCB_EXIT();
 }
+/* Removes an object from the string buffer. The CMPIData pointing to that
+ object remains intact. A call to this function MUST be followed by a
+ call to addClObject(), else one of the CMPIData entries will be invalid.
+
+ id - the number of the entry to be removed
+ */
+static void
+removeClObject(ClObjectHdr * hdr, int id)
+{
+ _SFCB_ENTER(TRACE_OBJECTIMPL, "removeClObject");
+ // fprintf(stderr, "replaceClString: %p replacing entry for we're skipping %d\n", hdr, (id-1));
+ char *ts, *fs, *tmpstr = NULL;
+ long i, l, u;
+ ClStrBuf *fb;
+
+ fb = getStrBufPtr(hdr);
+ ts = (char *) malloc(fb->bUsed); /* tmp string buffer */
+ fs = &fb->buf[0];
+
+ for (u = i = 0; i < fb->iUsed; i++) {
+ if (i != id - 1) { /* loop through and copy over all _other_ properties */
+ // fprintf(stderr, "replace: keeping %ld\n", i);
+ char *f = fs + fb->indexPtr[i];
+ l = fb->indexPtr[i+1] - fb->indexPtr[i];
+
+ /* Bugzilla 74159 - Align the string buffer & null terminate */
+ /*if (l % sizeof(long) != 0) {
+ l = ALIGN((fb->indexPtr[i+1] - fb->indexPtr[i]), CLALIGN);
+ tmpstr = calloc(1,l);
+ if (tmpstr == NULL) {
+ _SFCB_TRACE(1, ("objectImpl:replaceClString: calloc failed for tmpstr"));
+ }
+ memcpy(tmpstr, f, l);
+ } */
+
+ fb->indexPtr[i] = u;
+
+ /*if (tmpstr != NULL) {
+ memcpy(ts + u, tmpstr, l);
+ free(tmpstr);
+ tmpstr = NULL;
+ }
+ else */
+ memcpy(ts + u, f, l);
+
+ u += l;
+ }
+ }
+ memcpy(fs, ts, u);
+ fb->bUsed = u;
+ free(ts);
+
+ fb->iUsed--; /* fixup the item count, since we have one fewer elements */
+
+ _SFCB_EXIT();
+}
+
 //hack to get anything into a stringbuffer
 static void replaceClObject(ClObjectHdr * hdr, int id, const void *obj, int size)
 {
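Review bot: In removeClObject the copy length `l = fb->indexPtr[i+1] - fb->indexPtr[i]` goes straight into `memcpy(ts + u, f, l)` without validation, and for the last entry it reads `indexPtr[fb->iUsed]`, a slot the hunk never shows being initialised. If the stored offsets are ever not increasing, `l` becomes negative and is converted to a very large size, writing past `ts`, which is sized only `fb->bUsed`. The result of `malloc(fb->bUsed)` is also used unchecked, and `id` is never range-checked, so a value outside 1..iUsed copies every entry and still runs `fb->iUsed--`. I would bail out when `ts == NULL`, reject an out-of-range `id` before the loop, and guard the copy with something like `if (l < 0 || l > fb->bUsed - u) { free(ts); _SFCB_EXIT(); }` (assuming `_SFCB_EXIT()` returns, which should be confirmed). The unused `tmpstr` and the two commented-out alignment blocks should either be removed or restored with a comment explaining why alignment is not needed here.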
@@ -1496,6 +1553,25 @@
 free(blob);
 }
 }
+ /* bugzilla 75997 - hdr->type is args */
+ else if (hdr->type == HDR_Args &&
+ od.type == CMPI_instance && (d.state & CMPI_nullValue) == 0) {
+ if (d.type != CMPI_instance) {
+ _SFCB_RETURN(CMPI_RC_ERR_TYPE_MISMATCH);
+ }
+ else {
+ (p + i - 1)->data = d;
+ int size = getInstanceSerializedSize(d.value.inst);
+ void * blob = malloc(size);
+ getSerializedInstance(d.value.inst, blob);
+ //fprintf(stderr, "od.value.inst = %ld\n", (long)od.value.inst);
+ if (od.value.inst) {
+ removeClObject(hdr, (long)od.value.inst);
+ }
+ (p + i - 1)->data.value.inst = (CMPIInstance *) addClObject(hdr, blob, size);
+ free(blob);
+ }
+ }
 else(p + i - 1)->data = d;
 _SFCB_RETURN(i);
 |
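Review bot: `removeClObject(hdr, (long)od.value.inst)` reinterprets the old pointer-typed field as a string-buffer id, narrows it to the `int id` parameter, and checks only that it is non-zero. Because removeClObject decrements `fb->iUsed` even when no entry matches, a stale or out-of-range value here would silently shrink the buffer's entry count; the id should be validated against the used count before the call, and the "this field holds an index, not a pointer" convention deserves a comment. `malloc(size)` is also handed to `getSerializedInstance` unchecked, and `(p + i - 1)->data = d` is stored before the allocation can fail. I would allocate first and add `if (blob == NULL) { _SFCB_RETURN(CMPI_RC_ERR_FAILED); }` ahead of the assignment. The enclosing function starts and ends outside this hunk, so how `od` is populated could not be checked from here.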