From a4dcb0ecf632832258ebb523c6bc39b7b94f8775 Mon Sep 17 00:00:00 2001
From: Daniel Brahneborg
Date: Sun, 3 Mar 2002 22:02:40 +0000
Subject: Add buffer overflow checks to handle truncated and corrupted sis files.
---
 lib/sislangrecord.cpp | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
(limited to 'lib/sislangrecord.cpp')
diff --git a/lib/sislangrecord.cpp b/lib/sislangrecord.cpp
index 5540e6e..2b6afc4 100644
--- a/lib/sislangrecord.cpp
+++ b/lib/sislangrecord.cpp
@@ -24,15 +24,20 @@
 #include
-void
-SISLangRecord::fillFrom(uchar* buf, int* base)
+SisRC
+SISLangRecord::fillFrom(uchar* buf, int* base, off_t len)
 {
+ if (*base + 2 > len)
+ return SIS_TRUNCATED;
 m_lang = read16(buf + *base);
+ if (m_lang > 33) // Thai, last language
+ return SIS_CORRUPTED;
 if (logLevel >= 2) printf("Got language %d (%s)\n", m_lang, langTable[m_lang].m_name);
 if (logLevel >= 1) printf("%d .. %d (%d bytes): Language record for %s\n", *base, *base + 2, 2, langTable[m_lang].m_name);
 *base += 2;
+ return SIS_OK;
 }
--
cgit v1.2.3
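Review bot: The new length check `*base + 2 > len` in fillFrom only rejects offsets past the end of the buffer; a negative `*base` still passes and reaches `read16(buf + *base)`, and the addition can overflow `int` for very large offsets. Whether a caller can ever pass a negative offset is not visible in this hunk, but as this is the guard for truncated and corrupted files the check is better made explicit: `if (*base < 0 || len < 2 || *base > len - 2) return SIS_TRUNCATED;`. Separately, `m_lang` is stored before it is validated, so a record that returns SIS_CORRUPTED keeps an out-of-range value that any later `langTable[m_lang]` lookup would index with; reading into a local and assigning `m_lang` only after the range check avoids that. The literal `33` would also be safer derived from the number of entries in `langTable` than tied to it by a comment, so the bound cannot drift if the table changes.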