reader_init: Initialize all fields of struct DBusTypeReader (CID 54754, 54772, 54773).

This patch is based on the fix for 'Field reader.array_len_offset is
uninitialized'

Reported by Coverity: CID 54754, 54772, 54773: Uninitialized scalar
variable (UNINIT)

[smcv: also re-order how the class is set when we recurse, so that
the sub-reader's class doesn't end up NULL]

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90021

diff --git a/dbus/dbus-marshal-recursive.c b/dbus/dbus-marshal-recursive.c
index 4adfd2e9f3d03355045cb0a89aac12fba419185b..9ba16e93341746d2b80af0fb99819b7335851889 100644 (file)
--- a/dbus/dbus-marshal-recursive.c
+++ b/dbus/dbus-marshal-recursive.c
@@ -149,6 +149,7 @@ reader_init (DBusTypeReader    *reader,
              const DBusString  *value_str,
              int                value_pos)
 {
+  _DBUS_ZERO (*reader);
   reader->byte_order = byte_order;
   reader->finished = FALSE;
   reader->type_str = type_str;
@@ -736,11 +737,11 @@ _dbus_type_reader_init (DBusTypeReader    *reader,
                         const DBusString  *value_str,
                         int                value_pos)
 {
-  reader->klass = &body_reader_class;
-
   reader_init (reader, byte_order, type_str, type_pos,
                value_str, value_pos);
 
+  reader->klass = &body_reader_class;
+
 #if RECURSIVE_MARSHAL_READ_TRACE
   _dbus_verbose ("  type reader %p init type_pos = %d value_pos = %d remaining sig '%s'\n",
                  reader, reader->type_pos, reader->value_pos,
@@ -761,11 +762,11 @@ _dbus_type_reader_init_types_only (DBusTypeReader    *reader,
                                    const DBusString  *type_str,
                                    int                type_pos)
 {
-  reader->klass = &body_types_only_reader_class;
-
   reader_init (reader, DBUS_COMPILER_BYTE_ORDER /* irrelevant */,
                type_str, type_pos, NULL, _DBUS_INT_MAX /* crashes if we screw up */);
 
+  reader->klass = &body_types_only_reader_class;
+
 #if RECURSIVE_MARSHAL_READ_TRACE
   _dbus_verbose ("  type reader %p init types only type_pos = %d remaining sig '%s'\n",
                  reader, reader->type_pos,
@@ -988,6 +989,7 @@ void
 _dbus_type_reader_recurse (DBusTypeReader *reader,
                            DBusTypeReader *sub)
 {
+  const DBusTypeReaderClass *klass;
   int t;
 
   t = _dbus_first_type_in_signature (reader->type_str, reader->type_pos);
@@ -996,27 +998,27 @@ _dbus_type_reader_recurse (DBusTypeReader *reader,
     {
     case DBUS_TYPE_STRUCT:
       if (reader->klass->types_only)
-        sub->klass = &struct_types_only_reader_class;
+        klass = &struct_types_only_reader_class;
       else
-        sub->klass = &struct_reader_class;
+        klass = &struct_reader_class;
       break;
     case DBUS_TYPE_DICT_ENTRY:
       if (reader->klass->types_only)
-        sub->klass = &dict_entry_types_only_reader_class;
+        klass = &dict_entry_types_only_reader_class;
       else
-        sub->klass = &dict_entry_reader_class;
+        klass = &dict_entry_reader_class;
       break;
     case DBUS_TYPE_ARRAY:
       if (reader->klass->types_only)
-        sub->klass = &array_types_only_reader_class;
+        klass = &array_types_only_reader_class;
       else
-        sub->klass = &array_reader_class;
+        klass = &array_reader_class;
       break;
     case DBUS_TYPE_VARIANT:
       if (reader->klass->types_only)
         _dbus_assert_not_reached ("can't recurse into variant typecode");
       else
-        sub->klass = &variant_reader_class;
+        klass = &variant_reader_class;
       break;
     default:
       _dbus_verbose ("recursing into type %s\n", _dbus_type_to_string (t));
@@ -1028,9 +1030,10 @@ _dbus_type_reader_recurse (DBusTypeReader *reader,
       _dbus_assert_not_reached ("don't yet handle recursing into this type");
     }
 
-  _dbus_assert (sub->klass == all_reader_classes[sub->klass->id]);
+  _dbus_assert (klass == all_reader_classes[klass->id]);
 
-  (* sub->klass->recurse) (sub, reader);
+  (* klass->recurse) (sub, reader);
+  sub->klass = klass;
 
 #if RECURSIVE_MARSHAL_READ_TRACE
   _dbus_verbose ("  type reader %p RECURSED type_pos = %d value_pos = %d remaining sig '%s'\n",