Add buffer overflow checks to handle truncated and corrupted sis files.

author: Daniel Brahneborg <basic@chello.se> 2002-03-03 22:02:40 +0000
committer: Daniel Brahneborg <basic@chello.se> 2002-03-03 22:02:40 +0000
commit: a4dcb0ecf632832258ebb523c6bc39b7b94f8775 (patch)
tree: 18cf38bb6ecd95671401414c2ba8381b6c90132f /lib/sislangrecord.cpp
parent: d92c2abcca7d9270f49cbfb09a27bfda86642c31 (diff)
download: plptools-a4dcb0ecf632832258ebb523c6bc39b7b94f8775.tar.gz
plptools-a4dcb0ecf632832258ebb523c6bc39b7b94f8775.tar.bz2
plptools-a4dcb0ecf632832258ebb523c6bc39b7b94f8775.zip
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/sislangrecord.cpp b/lib/sislangrecord.cpp
index 5540e6e..2b6afc4 100644
--- a/lib/sislangrecord.cpp
+++ b/lib/sislangrecord.cpp
@@ -24,15 +24,20 @@
 
 #include <stdio.h>
 
-void
-SISLangRecord::fillFrom(uchar* buf, int* base)
+SisRC
+SISLangRecord::fillFrom(uchar* buf, int* base, off_t len)
 {
+	if (*base + 2 > len)
+		return SIS_TRUNCATED;
 	m_lang = read16(buf + *base);
+	if (m_lang > 33)	// Thai, last language
+		return SIS_CORRUPTED;
 	if (logLevel >= 2)
 		printf("Got language %d (%s)\n", m_lang, langTable[m_lang].m_name);
 	if (logLevel >= 1)
 		printf("%d .. %d (%d bytes): Language record for %s\n",
 			   *base, *base + 2, 2, langTable[m_lang].m_name);
 	*base += 2;
+	return SIS_OK;
 }
author	Daniel Brahneborg <basic@chello.se>	2002-03-03 22:02:40 +0000
committer	Daniel Brahneborg <basic@chello.se>	2002-03-03 22:02:40 +0000
commit	a4dcb0ecf632832258ebb523c6bc39b7b94f8775 (patch)
tree	18cf38bb6ecd95671401414c2ba8381b6c90132f /lib/sislangrecord.cpp
parent	d92c2abcca7d9270f49cbfb09a27bfda86642c31 (diff)
download	plptools-a4dcb0ecf632832258ebb523c6bc39b7b94f8775.tar.gz plptools-a4dcb0ecf632832258ebb523c6bc39b7b94f8775.tar.bz2 plptools-a4dcb0ecf632832258ebb523c6bc39b7b94f8775.zip