nitpicker: fix destroy with invalid handle

This patch reworks the 'Session_component::destroy' to cope become
robust against a client-provided invalid view handle. The code did not
consider that 'Handle_registry::has_handle' may throw.

Thanks to Alexander Boettcher for reporting and the initial fix.

Fixes #3232
This commit is contained in:
Norman Feske 2019-03-15 09:22:27 +01:00 committed by Christian Helmuth
parent ff2516deb2
commit 91197804ac
2 changed files with 24 additions and 10 deletions

View File

@ -345,16 +345,22 @@ void Session_component::destroy_view(View_handle handle)
*/ */
for (Session_view_list_elem *v = _view_list.first(); v; v = v->next()) { for (Session_view_list_elem *v = _view_list.first(); v; v = v->next()) {
try { auto handle_matches = [&] (View_component const &view)
View_component &view = *static_cast<View_component *>(v); {
if (_view_handle_registry.has_handle(view, handle)) { try { return _view_handle_registry.has_handle(view, handle); }
_destroy_view(view);
break;
}
} catch (View_handle_registry::Lookup_failed) { }
}
_view_handle_registry.free(handle); /* 'Handle_registry::has_handle' may throw */
catch (...) { return false; };
};
View_component &view = *static_cast<View_component *>(v);
if (handle_matches(view)) {
_destroy_view(view);
_view_handle_registry.free(handle);
break;
}
}
} }

View File

@ -161,6 +161,14 @@ void Component::construct(Genode::Env &env)
return; return;
} }
/* bad-case test */
{
/* issue #3232 */
Nitpicker::Session::View_handle handle { nitpicker.create_view() };
nitpicker.destroy_view(handle);
nitpicker.destroy_view(handle);
}
Genode::Attached_dataspace fb_ds( Genode::Attached_dataspace fb_ds(
env.rm(), nitpicker.framebuffer()->dataspace()); env.rm(), nitpicker.framebuffer()->dataspace());
@ -169,7 +177,7 @@ void Component::construct(Genode::Env &env)
unsigned char *input_mask = CONFIG_ALPHA ? alpha + scr_w*scr_h : 0; unsigned char *input_mask = CONFIG_ALPHA ? alpha + scr_w*scr_h : 0;
/* /*
* Paint some crap into pixel buffer, fill alpha channel and input-mask buffer * Paint into pixel buffer, fill alpha channel and input-mask buffer
* *
* Input should refer to the view if the alpha value is more than 50%. * Input should refer to the view if the alpha value is more than 50%.
*/ */