If DBUS_DISABLE_ASSERTS was turned on, and a buggy program called
dbus_connection_get_data() with a slot number less than zero (eg,
before even allocating the data slot), random memory would be
accessed and a random value returned. Anything less than zero
is not a valid slot number and should be rejected by libdbus.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=63127
Signed-off-by: Dan Williams <dcbw@redhat.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
void *res;
_dbus_return_val_if_fail (connection != NULL, NULL);
-
+ _dbus_return_val_if_fail (slot >= 0, NULL);
+
SLOTS_LOCK (connection);
res = _dbus_data_slot_list_get (&slot_allocator,