diff options
author | Daniel Brahneborg <basic@chello.se> | 2002-03-03 22:02:40 +0000 |
---|---|---|
committer | Daniel Brahneborg <basic@chello.se> | 2002-03-03 22:02:40 +0000 |
commit | a4dcb0ecf632832258ebb523c6bc39b7b94f8775 (patch) | |
tree | 18cf38bb6ecd95671401414c2ba8381b6c90132f /lib/sislangrecord.cpp | |
parent | d92c2abcca7d9270f49cbfb09a27bfda86642c31 (diff) | |
download | plptools-a4dcb0ecf632832258ebb523c6bc39b7b94f8775.tar.gz plptools-a4dcb0ecf632832258ebb523c6bc39b7b94f8775.tar.bz2 plptools-a4dcb0ecf632832258ebb523c6bc39b7b94f8775.zip |
Add buffer overflow checks to handle truncated and corrupted sis files.
Diffstat (limited to 'lib/sislangrecord.cpp')
-rw-r--r-- | lib/sislangrecord.cpp | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/sislangrecord.cpp b/lib/sislangrecord.cpp index 5540e6e..2b6afc4 100644 --- a/lib/sislangrecord.cpp +++ b/lib/sislangrecord.cpp @@ -24,15 +24,20 @@ #include <stdio.h> -void -SISLangRecord::fillFrom(uchar* buf, int* base) +SisRC +SISLangRecord::fillFrom(uchar* buf, int* base, off_t len) { + if (*base + 2 > len) + return SIS_TRUNCATED; m_lang = read16(buf + *base); + if (m_lang > 33) // Thai, last language + return SIS_CORRUPTED; if (logLevel >= 2) printf("Got language %d (%s)\n", m_lang, langTable[m_lang].m_name); if (logLevel >= 1) printf("%d .. %d (%d bytes): Language record for %s\n", *base, *base + 2, 2, langTable[m_lang].m_name); *base += 2; + return SIS_OK; } |