
Changeset 98574 in vbox


Timestamp:
Feb 15, 2023 12:24:25 AM (2 years ago)
Author:
vboxsync
svn:sync-xref-src-repo-rev:
155860
Message:

HGCMMock.h,tstGuestControlMockHGCM: Fixed memory overrun wrt client memory. Quick fix for use-after-free wrt call parameters (may still leak stuff because the code seems a bit uncertain about who does what). Disabled some non-working copy-paste tests.

Location:
trunk
Files:
3 edited

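--- a/trunk/include/VBox/GuestHost/HGCMMock.h
+++ b/trunk/include/VBox/GuestHost/HGCMMock.h
@@ -171,7 +171,4 @@
      *  0 is considered as being invalid. */
     HGCMCLIENTID       uNextClientId;
-    /** Size (in bytes) of opaque pvClient area to reserve
-     *  for a connected client. */
-    size_t             cbClient;
     /** Array of connected HGCM mock clients.
      *  Currently limited to 4 clients maximum. */
@@ -198,5 +195,6 @@
 
 /** Static HGCM service to mock. */
-static TSTHGCMMOCKSVC s_tstHgcmSvc;
+static TSTHGCMMOCKSVC g_tstHgcmSvc;
+
 
 /*********************************************************************************************************************************
@@ -206,5 +204,5 @@
 PTSTHGCMMOCKCLIENT TstHgcmMockSvcWaitForConnectEx(PTSTHGCMMOCKSVC pSvc, RTMSINTERVAL msTimeout);
 PTSTHGCMMOCKCLIENT TstHgcmMockSvcWaitForConnect(PTSTHGCMMOCKSVC pSvc);
-int                TstHgcmMockSvcCreate(PTSTHGCMMOCKSVC pSvc, size_t cbClient);
+int                TstHgcmMockSvcCreate(PTSTHGCMMOCKSVC pSvc);
 int                TstHgcmMockSvcDestroy(PTSTHGCMMOCKSVC pSvc);
 int                TstHgcmMockSvcStart(PTSTHGCMMOCKSVC pSvc);
@@ -281,5 +279,5 @@
     PTSTHGCMMOCKCLIENT pClient = &pSvc->aHgcmClient[pSvc->uNextClientId];
 
-    int rc = tstHgcmMockClientInit(pClient, pSvc->uNextClientId, pSvc->cbClient);
+    int rc = tstHgcmMockClientInit(pClient, pSvc->uNextClientId, pSvc->fnTable.cbClient);
     if (RT_FAILURE(rc))
         return rc;
@@ -349,5 +347,6 @@
     pFn->u.Call.hCall    = callHandle;
     pFn->u.Call.iFunc    = function;
-    pFn->u.Call.pParms   = (PVBOXHGCMSVCPARM)RTMemDup(paParms, cbParms);
+    PVBOXHGCMSVCPARM const paParmsCopy = (PVBOXHGCMSVCPARM)RTMemDup(paParms, cbParms);
+    pFn->u.Call.pParms   = paParmsCopy;
     AssertPtrReturn(pFn->u.Call.pParms, VERR_NO_MEMORY);
     pFn->u.Call.cParms   = cParms;
@@ -361,5 +360,7 @@
     AssertRCReturn(rc2, rc2);
 
-    memcpy(paParms, pFn->u.Call.pParms, cbParms);
+    memcpy(paParms, paParmsCopy, cbParms);
+    /** @todo  paParmsCopy is leaked, right? Doesn't appear to be a
+     *         use-after-free here. (pFn is freeded though) */
 
     return VINF_SUCCESS; /** @todo Return host call rc */
@@ -503,6 +504,7 @@
                     case TSTHGCMMOCKFNTYPE_CALL:
                     {
-                        pSvc->fnTable.pfnCall(NULL, pFn->u.Call.hCall, pFn->pClient->idClient, pFn->pClient->pvClient,
-                                              pFn->u.Call.iFunc, pFn->u.Call.cParms, pFn->u.Call.pParms, RTTimeMilliTS());
+                        pSvc->fnTable.pfnCall(pSvc->fnTable.pvService, pFn->u.Call.hCall, pFn->pClient->idClient,
+                                              pFn->pClient->pvClient, pFn->u.Call.iFunc, pFn->u.Call.cParms,
+                                              pFn->u.Call.pParms, RTTimeNanoTS());
 
                         /* Note: Call will be completed in the call completion callback. */
@@ -512,5 +514,6 @@
                     case TSTHGCMMOCKFNTYPE_HOST_CALL:
                     {
-                        pSvc->rcHostCall = pSvc->fnTable.pfnHostCall(NULL, pFn->u.HostCall.iFunc, pFn->u.HostCall.cParms, pFn->u.HostCall.pParms);
+                        pSvc->rcHostCall = pSvc->fnTable.pfnHostCall(pSvc->fnTable.pvService, pFn->u.HostCall.iFunc,
+                                                                     pFn->u.HostCall.cParms, pFn->u.HostCall.pParms);
 
                         int rc2 = RTSemEventSignal(pSvc->hEventHostCall);
@@ -544,5 +547,5 @@
 PTSTHGCMMOCKSVC TstHgcmMockSvcInst(void)
 {
-    return &s_tstHgcmSvc;
+    return &g_tstHgcmSvc;
 }
 
@@ -581,11 +584,7 @@
  * @return VBox status code.
  * @param  pSvc                 HGCM mock service instance to create.
- * @param  cbClient             Size (in bytes) of service-specific client data to
- *                              allocate for a HGCM mock client.
- */
-int TstHgcmMockSvcCreate(PTSTHGCMMOCKSVC pSvc, size_t cbClient)
-{
-    AssertReturn(cbClient, VERR_INVALID_PARAMETER);
-
+ */
+int TstHgcmMockSvcCreate(PTSTHGCMMOCKSVC pSvc)
+{
     RT_ZERO(pSvc->aHgcmClient);
     pSvc->fShutdown = false;
@@ -600,6 +599,4 @@
             {
                 RTListInit(&pSvc->lstCall);
-
-                pSvc->cbClient = cbClient;
             }
         }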
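Review bot: `paParmsCopy` has no owner after this change: the success path runs past `memcpy(paParms, paParmsCopy, cbParms);` with only the @todo, and the `AssertRCReturn(rc2, rc2);` above it returns without copying back or releasing anything. If `rc2` is the result of waiting for call completion (the wait itself is outside the hunk), the success path is the one place where the worker can no longer be reading the copy, so `RTMemFree(paParmsCopy);` right after the `memcpy` would close the leak there. The failure return should not free it, because the worker thread may still dereference `pFn->u.Call.pParms`. I would also put a comment at the `RTMemDup` line saying which side frees the copy and which frees `pFn`, e.g. `/* Owned by the caller; the worker frees pFn but must not free pParms. */`, once that is confirmed. The function starts and ends outside both hunks.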
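--- a/trunk/src/VBox/HostServices/GuestControl/testcase/tstGuestControlMockHGCM.cpp
+++ b/trunk/src/VBox/HostServices/GuestControl/testcase/tstGuestControlMockHGCM.cpp
@@ -26,4 +26,8 @@
  */
 
+
+/*********************************************************************************************************************************
+*   Header Files                                                                                                                 *
+*********************************************************************************************************************************/
 #include <VBox/HostServices/GuestControlSvc.h>
 #include <VBox/VBoxGuestLib.h>
@@ -51,4 +55,6 @@
 *   Shared Clipboard testing                                                                                                     *
 *********************************************************************************************************************************/
+/** @todo r=bird: Clipboard?  */
+
 struct CLIPBOARDTESTDESC;
 /** Pointer to a test description. */
@@ -103,4 +109,6 @@
 CLIPBOARDTESTCTX g_TstCtx;
 
+#if 0 /** @todo r=bird: Clipboard? This times out and asserts and doesn't seems to do anything sensible. */
+
 /**
  * Structure for keeping a clipboard test description.
@@ -120,4 +128,6 @@
 } SHCLCONTEXT;
 
+#endif
+
 
 static void testGuestSimple(void)
@@ -155,4 +165,7 @@
  * Test: Guest reading from host                                                                                                 *
  ********************************************************************************************************************************/
+/** @todo r=bird: Reading from the host? WTF?  Doesn't seem to work, so I've disabled it till it can be rewritten and
+ * made to do something useful rather than asserting. */
+#if 0
 typedef struct TSTUSERMOCK
 {
@@ -193,8 +206,5 @@
 {
     RT_NOREF(pTstCtx, ppvCtx);
-
-    int rc = VINF_SUCCESS;
-
-    return rc;
+    return VINF_SUCCESS;
 }
 
@@ -233,8 +243,11 @@
 }
 
+#endif
+
 
 /*********************************************************************************************************************************
  * Main                                                                                                                          *
  ********************************************************************************************************************************/
+#if 0 /** @todo r=bird: Same as above.  */
 
 /** Test definition table. */
@@ -265,19 +278,17 @@
 }
 
-int main(int argc, char *argv[])
+#endif
+
+int main()
 {
     /*
      * Init the runtime, test and say hello.
      */
-    const char *pcszExecName;
-    NOREF(argc);
-    pcszExecName = strrchr(argv[0], '/');
-    pcszExecName = pcszExecName ? pcszExecName + 1 : argv[0];
-    RTEXITCODE rcExit = RTTestInitAndCreate(pcszExecName, &g_hTest);
+    RTEXITCODE rcExit = RTTestInitAndCreate("tstGuestControlMockHGCM", &g_hTest);
     if (rcExit != RTEXITCODE_SUCCESS)
         return rcExit;
     RTTestBanner(g_hTest);
 
-#ifndef DEBUG_andy
+#if 0 //ndef DEBUG_andy - bird: fix the 'ing code.
     /* Don't let assertions in the host service panic (core dump) the test cases. */
     RTAssertSetMayPanic(false);
@@ -285,6 +296,5 @@
 
     PTSTHGCMMOCKSVC const pSvc = TstHgcmMockSvcInst();
-
-    TstHgcmMockSvcCreate(pSvc, 42 /** @todo */);
+    TstHgcmMockSvcCreate(pSvc);
     TstHgcmMockSvcStart(pSvc);
 
@@ -298,4 +308,5 @@
     }
 
+#if 0 /** @todo r=bird: Clipboard? This times out and asserts and doesn't seems to do anything sensible. */
     RT_ZERO(g_TstCtx);
 
@@ -311,4 +322,5 @@
 
     TstHGCMUtilsTaskDestroy(pTask);
+#endif
 
     TstHgcmMockSvcStop(pSvc);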
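Review bot: The status code of `TstHgcmMockSvcCreate(pSvc);` in `main()` is still discarded, as is that of `TstHgcmMockSvcStart(pSvc);` on the next line, so a failed create would let the test carry on against a mock service that was never fully set up. Wrapping the call, for example `RTTEST_CHECK_RC_OK(g_hTest, TstHgcmMockSvcCreate(pSvc));`, would turn that into a reported test failure. The same applies to the identical call in tstClipboardMockHGCM.cpp at line 701. `main()` continues outside the hunk, so whether a later check covers this is not visible here.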
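--- a/trunk/src/VBox/HostServices/SharedClipboard/testcase/tstClipboardMockHGCM.cpp
+++ b/trunk/src/VBox/HostServices/SharedClipboard/testcase/tstClipboardMockHGCM.cpp
@@ -699,5 +699,5 @@
 
     PTSTHGCMMOCKSVC const pSvc = TstHgcmMockSvcInst();
-    TstHgcmMockSvcCreate(pSvc, sizeof(SHCLCLIENT));
+    TstHgcmMockSvcCreate(pSvc);
     TstHgcmMockSvcStart(pSvc);
 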