FlapJackApps/libdivecomputer
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix some potential buffer overflows

Browse Source 
Verify the buffer size before accessing its content!
This commit is contained in:
Jef Driesen 2017-11-23 21:19:13 +01:00
parent 68380b2ec0
commit 350893fb27
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/hw_ostc_parser.c
View File

@ -569,6 +569,14 @@ hw_ostc_parser_samples_foreach (dc_parser_t *abstract, dc_sample_callback_t call
unsigned int header = parser->header;
const hw_ostc_layout_t *layout = parser->layout;
// Check the header length.
if (version == 0x23 || version == 0x24) {
if (size < header + 5) {
ERROR (abstract->context, "Buffer overflow detected!");
return DC_STATUS_DATAFORMAT;
}
}
// Get the sample rate.
unsigned int samplerate = 0;
if (version == 0x23 || version == 0x24)
@ -595,6 +603,14 @@ hw_ostc_parser_samples_foreach (dc_parser_t *abstract, dc_sample_callback_t call
return DC_STATUS_DATAFORMAT;
}
// Check the header length.
if (version == 0x23 || version == 0x24) {
if (size < header + 5 + 3 * nconfig) {
ERROR (abstract->context, "Buffer overflow detected!");
return DC_STATUS_DATAFORMAT;
}
}
// Get the extended sample configuration.
hw_ostc_sample_info_t info[MAXCONFIG] = {{0}};
for (unsigned int i = 0; i < nconfig; ++i) {