Fixed potential segmentation faults

Stefan Wahren 2012-05-18 13:35:02 +02:00
parent 2c98c6c54d
commit 11f6392df3
4 changed files with 99 additions and 43 deletions


@ -708,6 +708,12 @@ int mbus_fixed_normalize(int medium_unit, long medium_value, char **unit_out, do
int i; int i;
medium_unit = medium_unit & 0x3F; medium_unit = medium_unit & 0x3F;
if (unit_out == NULL || value_out == NULL || quantity_out == NULL)
{
MBUS_ERROR("%s: Invalid parameter.\n", __PRETTY_FUNCTION__);
return -1;
}
switch (medium_unit) switch (medium_unit)
{ {
case 0x00: case 0x00:
@ -909,6 +915,12 @@ mbus_vif_unit_normalize(int vif, double value, char **unit_out, double *value_ou
int i; int i;
if (unit_out == NULL || value_out == NULL || quantity_out == NULL)
{
MBUS_ERROR("%s: Invalid parameter.\n", __PRETTY_FUNCTION__);
return -1;
}
for(i=0; vif_table[i].vif < 0xfff; ++i) for(i=0; vif_table[i].vif < 0xfff; ++i)
{ {
if (vif_table[i].vif == newVif) if (vif_table[i].vif == newVif)
@ -932,6 +944,7 @@ int
mbus_vib_unit_normalize(mbus_value_information_block *vib, double value, char **unit_out, double *value_out, char **quantity_out) mbus_vib_unit_normalize(mbus_value_information_block *vib, double value, char **unit_out, double *value_out, char **quantity_out)
{ {
MBUS_DEBUG("%s: vib_unit_normalize - VIF=0x%02X\n", __PRETTY_FUNCTION__, vib->vif); MBUS_DEBUG("%s: vib_unit_normalize - VIF=0x%02X\n", __PRETTY_FUNCTION__, vib->vif);
if (vib->vif == 0xFD) /* first type of VIF extention: see table 8.4.4 a */ if (vib->vif == 0xFD) /* first type of VIF extention: see table 8.4.4 a */
{ {
if (vib->nvife == 0) if (vib->nvife == 0)
@ -1007,30 +1020,33 @@ mbus_record_new()
void void
mbus_record_free(mbus_record * rec) mbus_record_free(mbus_record * rec)
{ {
if (! rec->is_numeric) if (rec)
{ {
free((rec->value).str_val.value); if (! rec->is_numeric)
(rec->value).str_val.value = NULL; {
} free((rec->value).str_val.value);
(rec->value).str_val.value = NULL;
}
if (rec->unit) if (rec->unit)
{ {
free(rec->unit); free(rec->unit);
rec->unit = NULL; rec->unit = NULL;
} }
if (rec->function_medium) if (rec->function_medium)
{ {
free(rec->function_medium); free(rec->function_medium);
rec->function_medium = NULL; rec->function_medium = NULL;
} }
if (rec->quantity) if (rec->quantity)
{ {
free(rec->quantity); free(rec->quantity);
rec->quantity = NULL; rec->quantity = NULL;
}
free(rec);
} }
free(rec);
} }
@ -1080,6 +1096,12 @@ mbus_parse_variable_record(mbus_data_record *data)
int value_out_str_size = 0; int value_out_str_size = 0;
double real_val = 0.0; /**< normalized value */ double real_val = 0.0; /**< normalized value */
if (data == NULL)
{
MBUS_ERROR("%s: Invalid record.\n", __PRETTY_FUNCTION__);
return NULL;
}
if (!(record = mbus_record_new())) if (!(record = mbus_record_new()))
{ {
MBUS_ERROR("%s: memory allocation error\n", __PRETTY_FUNCTION__); MBUS_ERROR("%s: memory allocation error\n", __PRETTY_FUNCTION__);
@ -1773,6 +1795,12 @@ mbus_probe_secondary_address(mbus_handle * handle, const char *mask, char *match
int mbus_read_slave(mbus_handle * handle, mbus_address *address, mbus_frame * reply) int mbus_read_slave(mbus_handle * handle, mbus_address *address, mbus_frame * reply)
{ {
if (handle == NULL || address == NULL)
{
MBUS_ERROR("%s: Invalid handle or address.\n", __PRETTY_FUNCTION__);
return -1;
}
if (address->is_primary) if (address->is_primary)
{ {
if (mbus_send_request_frame(handle, address->primary) == -1) if (mbus_send_request_frame(handle, address->primary) == -1)
@ -1847,6 +1875,12 @@ mbus_scan_2nd_address_range(mbus_handle * handle, int pos, char *addr_mask)
int i, i_start, i_end, probe_ret; int i, i_start, i_end, probe_ret;
char *mask, matching_mask[17]; char *mask, matching_mask[17];
if (handle == NULL || addr_mask == NULL)
{
MBUS_ERROR("%s: Invalid handle or address mask.\n", __PRETTY_FUNCTION__);
return -1;
}
if (strlen(addr_mask) != 16) if (strlen(addr_mask) != 16)
{ {
fprintf(stderr, "%s: Illegal address mask [%s]. Not 16 characters long.\n", __PRETTY_FUNCTION__, addr_mask); fprintf(stderr, "%s: Illegal address mask [%s]. Not 16 characters long.\n", __PRETTY_FUNCTION__, addr_mask);
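Review bot: mbus_vib_unit_normalize still dereferences `vib` in its first statement, the MBUS_DEBUG call that reads `vib->vif`, and this commit adds no guard there although mbus_fixed_normalize and mbus_vif_unit_normalize now reject NULL output pointers. A NULL `vib` would fault before any of the new checks can run. I would add `if (vib == NULL) { MBUS_ERROR("%s: Invalid parameter.\n", __PRETTY_FUNCTION__); return -1; }` ahead of the debug line. Separately, mbus_read_slave checks `handle` and `address` but not `reply`; whether `reply` is dereferenced cannot be seen here, because the body continues outside the hunk.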


@ -620,9 +620,13 @@ mbus_data_str_decode(u_char *dst, const u_char *src, size_t len)
size_t i; size_t i;
i = 0; i = 0;
dst[len] = '\0';
while(len > 0) { if (src && dst)
dst[i++] = src[--len]; {
dst[len] = '\0';
while(len > 0) {
dst[i++] = src[--len];
}
} }
} }
@ -639,18 +643,21 @@ mbus_data_bin_decode(u_char *dst, const u_char *src, size_t len, size_t max_len)
i = 0; i = 0;
pos = 0; pos = 0;
while((i < len) && ((pos+3) < max_len)) { if (src && dst)
pos += snprintf(&dst[pos], max_len - pos, "%.2X ", src[i]);
i++;
}
if (pos > 0)
{ {
// remove last space while((i < len) && ((pos+3) < max_len)) {
pos--; pos += snprintf(&dst[pos], max_len - pos, "%.2X ", src[i]);
} i++;
}
dst[pos] = '\0'; if (pos > 0)
{
// remove last space
pos--;
}
dst[pos] = '\0';
}
} }
//------------------------------------------------------------------------------ //------------------------------------------------------------------------------
@ -661,16 +668,16 @@ mbus_data_bin_decode(u_char *dst, const u_char *src, size_t len, size_t max_len)
void void
mbus_data_tm_decode(struct tm *t, u_char *t_data, size_t t_data_size) mbus_data_tm_decode(struct tm *t, u_char *t_data, size_t t_data_size)
{ {
t->tm_sec = 0;
t->tm_min = 0;
t->tm_hour = 0;
t->tm_mday = 0;
t->tm_mon = 0;
t->tm_year = 0;
t->tm_isdst = 0;
if (t && t_data) if (t && t_data)
{ {
t->tm_sec = 0;
t->tm_min = 0;
t->tm_hour = 0;
t->tm_mday = 0;
t->tm_mon = 0;
t->tm_year = 0;
t->tm_isdst = 0;
if (t_data_size == 4) // Type F = Compound CP32: Date and Time if (t_data_size == 4) // Type F = Compound CP32: Date and Time
{ {
if ((t_data[0] & 0x80) == 0) // Time valid ? if ((t_data[0] & 0x80) == 0) // Time valid ?
@ -1748,6 +1755,9 @@ mbus_vib_unit_lookup(mbus_value_information_block *vib)
static char buff[256]; static char buff[256];
int n; int n;
if (vib == NULL)
return "";
if (vib->vif == 0xFD || vib->vif == 0xFB) // first type of VIF extention: see table 8.4.4 if (vib->vif == 0xFD || vib->vif == 0xFB) // first type of VIF extention: see table 8.4.4
{ {
if (vib->nvife == 0) if (vib->nvife == 0)
@ -2965,6 +2975,9 @@ mbus_hex_dump(const char *label, const char *buff, size_t len)
char timestamp[21]; char timestamp[21];
size_t i; size_t i;
if (label == NULL || buff == NULL)
return;
time ( &rawtime ); time ( &rawtime );
timeinfo = gmtime ( &rawtime ); timeinfo = gmtime ( &rawtime );
@ -3006,6 +3019,9 @@ mbus_str_xml_encode(u_char *dst, const u_char *src, size_t max_len)
i = 0; i = 0;
len = 0; len = 0;
if (dst == NULL)
return;
if (src != NULL) if (src != NULL)
{ {
while((len+6) < max_len) while((len+6) < max_len)
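Review bot: In mbus_data_str_decode and mbus_data_bin_decode the new `if (src && dst)` guard leaves `dst` completely unwritten when only `src` is NULL, so a caller that goes on to print or copy `dst` reads whatever the buffer held before. mbus_str_xml_encode in the same file already tests `dst` and `src` separately, and the decoders could do the same: `if (dst == NULL) return;` followed by `if (src == NULL) { dst[0] = '\0'; return; }` (in the bin variant only when `max_len > 0`). mbus_data_str_decode also deserves a comment stating that it writes `dst[len]`, so the destination must hold at least `len + 1` bytes; nothing in the signature enforces that.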


@ -225,6 +225,9 @@ mbus_serial_recv_frame(mbus_serial_handle *handle, mbus_frame *frame)
char buff[PACKET_BUFF_SIZE]; char buff[PACKET_BUFF_SIZE];
int len, remaining, nread; int len, remaining, nread;
if (handle == NULL || frame == NULL)
return -1;
bzero((void *)buff, sizeof(buff)); bzero((void *)buff, sizeof(buff));
// //
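Review bot: The new guard in mbus_serial_recv_frame returns -1 without any diagnostic, unlike the guards added in the first file of this commit, which log through MBUS_ERROR before returning. If -1 is also the value used for receive failures further down (the body continues outside the hunk), a caller cannot tell a NULL argument from a line error. Consider logging before the return, e.g. `fprintf(stderr, "%s: Invalid parameter.\n", __PRETTY_FUNCTION__);`, and apply the same to the identical guard in mbus_tcp_recv_frame in the last file.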


@ -166,6 +166,9 @@ mbus_tcp_recv_frame(mbus_tcp_handle *handle, mbus_frame *frame)
char buff[PACKET_BUFF_SIZE]; char buff[PACKET_BUFF_SIZE];
int len, remaining, nread; int len, remaining, nread;
if (handle == NULL || frame == NULL)
return -1;
bzero((void *)buff, sizeof(buff)); bzero((void *)buff, sizeof(buff));
// //