diff options
| author | Cedric BAIL <cedric.bail@free.fr> | 2012-07-16 10:38:37 +0000 |
|---|---|---|
| committer | Cedric BAIL <cedric.bail@free.fr> | 2012-07-16 10:38:37 +0000 |
| commit | 8b32375993bd0b51d3efde75eb82f541b387abcc (patch) | |
| tree | 1b808255d4c5d8b026b6ac376f9e8fb9d5c7e09f | |
| parent | 5185a82827f2012e81ca48ef871729b96fa7a61d (diff) | |
| download | eet-8b32375993bd0b51d3efde75eb82f541b387abcc.tar.gz | |
eet: detect overrun and underrun before everything goes wrong.
SVN revision: 73919
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | NEWS | 3 | ||||
| -rw-r--r-- | src/lib/eet_data.c | 31 |
3 files changed, 38 insertions, 0 deletions
@@ -602,3 +602,7 @@ 2012-06-27 Leandro Santiago * Fix crash when cyphering huge amount of data. + +2012-07-16 Cedric Bail + + * Add code to detect overrun and underrun in eet_data_descriptor_element_add. @@ -3,6 +3,9 @@ Eet 1.7.0 Changes since Eet 1.6.0: -------------------------- +Additions: + * Add code to detect overrun and underrun during Eet Data Descriptor setup. + Fixes: * Force destruction of all pending file when shuting down eet. * Make eet_dictionary thread safe. diff --git a/src/lib/eet_data.c b/src/lib/eet_data.c index c5ae621..1eb822a 100644 --- a/src/lib/eet_data.c +++ b/src/lib/eet_data.c @@ -1946,6 +1946,37 @@ eet_data_descriptor_element_add(Eet_Data_Descriptor *edd, Eet_Data_Element *ede; Eet_Data_Element *tmp; + /* Sanity check to avoid crash later at runtime */ + if (type < EET_T_UNKNOW || + type >= EET_T_LAST) + { + CRIT("Preventing later bug due to unknow type: %i", type); + return ; + } + if (offset < 0) + { + CRIT("Preventing later buffer underrun : offset = %i", offset); + return ; + } + if (offset > edd->size) + { + CRIT("Preventing later buffer overrun : offset = %i in a structure of %i bytes", offset, edd->size); + return ; + } + if (group_type == EET_G_UNKNOWN && type != EET_T_UNKNOW) + { + if (offset + eet_basic_codec[type - 1].size > edd->size) + { + CRIT("Preventing later buffer overrun : offset = %i, size = %i in a structure of %i bytes", offset, eet_basic_codec[type - 1].size, edd->size); + return ; + } + } + else if ((offset + sizeof (void*)) > (unsigned int) edd->size) + { + CRIT("Preventing later buffer overrun : offset = %i, estimated size = %i in a structure of %i bytes", offset, sizeof (void*), edd->size); + return ; + } + /* UNION, VARIANT type would not work with simple type, we need a way to map the type. */ if ((group_type == EET_G_UNION || group_type == EET_G_VARIANT) |