author | Qiuhao Li <Qiuhao.Li@outlook.com> | 2022-11-22 08:30:17 +0800 |
---|---|---|
committer | Qiuhao Li <Qiuhao.Li@outlook.com> | 2022-11-22 08:30:17 +0800 |
commit | 45b29802d7473a969cbc268a4c64e0797c7911c2 (patch) | |
tree | 3ddc4f46249545fced23e930030cbac9f54a67b6 | |
parent | 8a9a45a49bfaf8f91421d714393d49fa05871e4b (diff) | |
download | libmtp-45b29802d7473a969cbc268a4c64e0797c7911c2.tar.gz |
ptp_pack_string: check string length for no iconv situation
When HAVE_ICONV or HAVE_LANGINFO_H is not defined, we may have a
stack overflow when copying the string to ucs2str.
Signed-off-by: Qiuhao Li <Qiuhao.Li@outlook.com>
-rw-r--r-- | src/ptp-pack.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/ptp-pack.c b/src/ptp-pack.c
index 0616996..d5e9488 100644
--- a/src/ptp-pack.c
+++ b/src/ptp-pack.c
@@ -212,13 +212,13 @@ ptp_pack_string(PTPParams *params, char *string, unsigned char* data, uint16_t o
 uint16_t ucs2str[PTP_MAXSTRLEN+1];
 char *ucs2strp = (char *) ucs2str;
 size_t convlen = strlen(string);
+ size_t convmax = PTP_MAXSTRLEN * 2; /* Includes the terminator */
 /* Cannot exceed 255 (PTP_MAXSTRLEN) since it is a single byte, duh ... */
 memset(ucs2strp, 0, sizeof(ucs2str)); /* XXX: necessary? */
 #if defined(HAVE_ICONV) && defined(HAVE_LANGINFO_H)
 if (params->cd_locale_to_ucs2 != (iconv_t)-1) {
 size_t nconv;
- size_t convmax = PTP_MAXSTRLEN * 2; /* Includes the terminator */
 char *stringp = string;
 nconv = iconv(params->cd_locale_to_ucs2, &stringp, &convlen,
@@ -230,10 +230,10 @@ ptp_pack_string(PTPParams *params, char *string, unsigned char* data, uint16_t o
 {
 unsigned int i;
- for (i=0;i<convlen;i++) {
+ for (i=0;i<convlen && i<convmax;i++) {
 ucs2str[i] = string[i];
 }
- ucs2str[convlen] = 0;
+ ucs2str[i] = 0;
 }
 /*
 * XXX: isn't packedlen just ( (uint16_t *)ucs2strp - ucs2str )? |
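Review bot: The new loop bound `i<convmax` in the no-iconv branch is still too large, because `convmax` is `PTP_MAXSTRLEN * 2` (presumably a byte budget for the iconv call) while `i` indexes `uint16_t` elements of `ucs2str[PTP_MAXSTRLEN+1]`. A `string` longer than PTP_MAXSTRLEN can therefore still push the copy, and the `ucs2str[i] = 0` terminator, past the end of the stack array. Bounding by element count closes the gap and leaves the last slot for the terminator: `for (i=0;i<convlen && i<PTP_MAXSTRLEN;i++) {`. The truncation is silent, so it is worth confirming that callers do not need an error for over-long strings. The body of ptp_pack_string starts and ends outside these hunks.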