[PATCH] Add overflow check to get_delta_hdr_size

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Martin Koegler <martin.koegler@xxxxxxxxx>

Signed-off-by: Martin Koegler <martin.koegler@xxxxxxxxx>
---
Applies on top of my size_t series

I'm not sure, if die or error is better.

 delta.h | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/delta.h b/delta.h
index 2df0f55..18a4983 100644
--- a/delta.h
+++ b/delta.h
@@ -96,6 +96,11 @@ static inline size_t get_delta_hdr_size(const unsigned char **datap,
 		cmd = *data++;
 		size |= (cmd & 0x7f) << i;
 		i += 7;
+		if (bitsizeof(size_t) <= i) {
+			error("too large object size");
+			size = 0;
+			break;
+		}
 	} while (cmd & 0x80 && data < top);
 	*datap = data;
 	return size;
-- 
2.1.4




[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux