what does j stand for?

Questions and Answers about all things *OS (macOS, iOS, tvOS, watchOS)

what does j stand for?

Postby Chr1sPwn3d » Fri Aug 30, 2019 6:16 pm

n_entries = *(_DWORD *)(shmem_ptr + 0x14);
...
void* resource = NULL;
size_t total_resources = 0;
input = (struct input*)shmem_ptr;
struct sub_desc* desc = &input->descs[0];
for (i = 0; i < n_entries; i++) {
for (int j = 0; j < desc->n_sub_entries; j+) {

int err = IOAccelShared2::lookupResource(ioaccel_shared,
desc->resource_ids[j],
&resource);
if (err) {
goto fail;
}

unsigned short flags = desc->flags[j];

if (flags_invalid(flags)) {
goto fail;
}
resources_buf[total_resources++] = resource;
}
...
}

I saw this in Ian Beer's recent write-up about the exploit-chains, and got stuck reading this when I saw that j was created in the for statement ( for (int j = 0; j < desc->n_sub_entries; j+) ) , but just not sure what it's used for. Apologies if this is really simple.

This is the link to the write-up im reading (where the code is from) : https://googleprojectzero.blogspot.com/ ... ain-1.html
Chr1sPwn3d
 
Posts: 1
Joined: Fri Aug 30, 2019 5:58 pm

Re: what does j stand for?

Postby morpheus » Wed Sep 04, 2019 6:20 pm

J is my first name initia :-).

But your j stands for the sub descriptors - the sub entries in the sub descriptor. Note he shows code iterating the i index up to n_entries, and j up n_sub_entries, which is the green "u16" in his illustration (shown here too). This iterates over the res_ids, which are then handed to IOAccelShared2::lookupResource.
Attachments
0. agx sub-descriptor structure - HI_RES.png
0. agx sub-descriptor structure - HI_RES.png (63.04 KiB) Viewed 164 times
morpheus
Site Admin
 
Posts: 716
Joined: Thu Apr 11, 2013 6:24 pm


Return to Questions and Answers

Who is online

Users browsing this forum: No registered users and 1 guest