Validate the ringbuffer pointers before using them.

Jef Driesen 2011-01-18 19:33:21 +01:00
parent fbe203993c
commit 104c4d956a
2 changed files with 26 additions and 0 deletions


@ -372,12 +372,21 @@ cressi_edy_device_foreach (device_t *abstract, dive_callback_t callback, void *u
// Get the logbook pointers.
unsigned int last = config[0x7C];
unsigned int first = config[0x7D];
if (first < RB_LOGBOOK_BEGIN || first >= RB_LOGBOOK_END ||
last < RB_LOGBOOK_BEGIN || last >= RB_LOGBOOK_END) {
WARNING ("Invalid ringbuffer pointer detected.");
return DEVICE_STATUS_ERROR;
}
// Get the number of logbook items.
unsigned int count = ringbuffer_distance (first, last, 0, RB_LOGBOOK_BEGIN, RB_LOGBOOK_END) + 1;
// Get the profile pointer.
unsigned int eop = array_uint16_le (config + 0x7E) * PAGESIZE + BASE;
if (eop < RB_PROFILE_BEGIN || eop >= RB_PROFILE_END) {
WARNING ("Invalid ringbuffer pointer detected.");
return DEVICE_STATUS_ERROR;
}
// Memory buffer for the profile data.
unsigned char buffer[RB_PROFILE_END - RB_PROFILE_BEGIN] = {0};
@ -392,6 +401,10 @@ cressi_edy_device_foreach (device_t *abstract, dive_callback_t callback, void *u
for (unsigned int i = 0; i < count; ++i) {
// Get the pointer to the profile data.
unsigned int current = array_uint16_le (config + 2 * idx) * PAGESIZE + BASE;
if (current < RB_PROFILE_BEGIN || current >= RB_PROFILE_END) {
WARNING ("Invalid ringbuffer pointer detected.");
return DEVICE_STATUS_ERROR;
}
// Position the pointer at the start of the header.
if (current == RB_PROFILE_BEGIN)
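Review bot: The new range check on `first` and `last` at the top of the first hunk returns `DEVICE_STATUS_ERROR` for every out-of-range value, which would also turn "no dives recorded yet" into a hard error if the firmware marks an empty logbook with a value outside `RB_LOGBOOK_BEGIN`..`RB_LOGBOOK_END`. That encoding is not visible on this page, so it should be confirmed against a freshly reset unit before merging. If it applies, the empty case has to be handled ahead of the check and return success without invoking the callback; until then I would add `// TODO: confirm how an empty logbook is encoded; it must not be reported as corruption.` above the `if`. The same question applies to the identical block in zeagle_n2ition3_device_foreach, and the function body starts and ends outside these hunks.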


@ -308,12 +308,21 @@ zeagle_n2ition3_device_foreach (device_t *abstract, dive_callback_t callback, vo
// Get the logbook pointers.
unsigned int last = config[0x7C];
unsigned int first = config[0x7D];
if (first < RB_LOGBOOK_BEGIN || first >= RB_LOGBOOK_END ||
last < RB_LOGBOOK_BEGIN || last >= RB_LOGBOOK_END) {
WARNING ("Invalid ringbuffer pointer detected.");
return DEVICE_STATUS_ERROR;
}
// Get the number of logbook items.
unsigned int count = ringbuffer_distance (first, last, 0, RB_LOGBOOK_BEGIN, RB_LOGBOOK_END) + 1;
// Get the profile pointer.
unsigned int eop = array_uint16_le (config + 0x7E);
if (eop < RB_PROFILE_BEGIN || eop >= RB_PROFILE_END) {
WARNING ("Invalid ringbuffer pointer detected.");
return DEVICE_STATUS_ERROR;
}
// The logbook ringbuffer can store at most 60 dives, even if the profile
// data could store more (e.g. many small dives). But it's also possible
@ -325,6 +334,10 @@ zeagle_n2ition3_device_foreach (device_t *abstract, dive_callback_t callback, vo
for (unsigned int i = 0; i < count; ++i) {
// Get the pointer to the profile data.
unsigned int current = array_uint16_le (config + 2 * idx);
if (current < RB_PROFILE_BEGIN || current >= RB_PROFILE_END) {
WARNING ("Invalid ringbuffer pointer detected.");
return DEVICE_STATUS_ERROR;
}
// Get the profile length.
unsigned int length = ringbuffer_distance (current, previous, 1, RB_PROFILE_BEGIN, RB_PROFILE_END);
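Review bot: All three new checks in this function log the same string, `"Invalid ringbuffer pointer detected."`, so a log from a unit with corrupted memory cannot show whether the logbook pointers, `eop`, or a per-dive `current` inside the loop was rejected. These values are read from device memory and drive every later offset calculation, so knowing which one failed matters when triaging a bad download. I would give each site its own message: `WARNING ("Invalid logbook pointer detected.");`, `WARNING ("Invalid end-of-profile pointer detected.");` and `WARNING ("Invalid profile pointer detected.");`. Whether `WARNING` accepts format arguments is not visible here, so printing the offending value is left as a follow-up. The three checks in cressi_edy_device_foreach have the same issue, and the loop body continues past the end of the second hunk.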