blob: add a magic offset to nesting cookies to ensure that NULL is never returned as a normal value

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

blob.c

@@ -40,14 +40,14 @@ blob_init(struct blob_attr *attr, int id, unsigned int len)
 static inline struct blob_attr *
 offset_to_attr(struct blob_buf *buf, int offset)
 {
-	void *ptr = (char *)buf->buf + offset;
+	void *ptr = (char *)buf->buf + offset - BLOB_COOKIE;
 	return ptr;
 }
 
 static inline int
 attr_to_offset(struct blob_buf *buf, struct blob_attr *attr)
 {
-	return (char *)attr - (char *) buf->buf;
+	return (char *)attr - (char *) buf->buf + BLOB_COOKIE;
 }
 
 void
@@ -65,7 +65,7 @@ static struct blob_attr *
 blob_add(struct blob_buf *buf, struct blob_attr *pos, int id, int payload)
 {
 	int offset = attr_to_offset(buf, pos);
-	int required = (offset + sizeof(struct blob_attr) + payload) - buf->buflen;
+	int required = (offset - BLOB_COOKIE + sizeof(struct blob_attr) + payload) - buf->buflen;
 	struct blob_attr *attr;
 
 	if (required > 0) {

blob.h

@@ -28,6 +28,8 @@
 
 #include "utils.h"
 
+#define BLOB_COOKIE		0x01234567
+
 enum {
 	BLOB_ATTR_UNSPEC,
 	BLOB_ATTR_NESTED,

blobmsg.c

@@ -195,7 +195,7 @@ blobmsg_new(struct blob_buf *buf, int type, const char *name, int payload_len, v
 static inline int
 attr_to_offset(struct blob_buf *buf, struct blob_attr *attr)
 {
-	return (char *)attr - (char *) buf->buf;
+	return (char *)attr - (char *) buf->buf + BLOB_COOKIE;
 }
 
 
@@ -262,7 +262,7 @@ void *
 blobmsg_realloc_string_buffer(struct blob_buf *buf, int maxlen)
 {
 	struct blob_attr *attr = blob_next(buf->head);
-	int offset = attr_to_offset(buf, blob_next(buf->head)) + blob_pad_len(attr);
+	int offset = attr_to_offset(buf, blob_next(buf->head)) + blob_pad_len(attr) - BLOB_COOKIE;
 	int required = maxlen - (buf->buflen - offset);
 
 	if (required <= 0)