mkvparser: Avoid rollover/truncation in UnserializeString().

Change-Id: I355d00b59ec1b7645ae5b4010e292215b5da3a17
Tom Finegan
2015-08-17 12:11:15 -07:00
parent 8e8b3dbc6a
commit cd96a76985


@@ -257,19 +257,19 @@ long mkvparser::UnserializeInt(IMkvReader* pReader, long long pos,
}
long mkvparser::UnserializeString(IMkvReader* pReader, long long pos,
long long size_, char*& str) {
long long size, char*& str) {
delete[] str;
str = NULL;
if (size_ >= LONG_MAX) // we need (size+1) chars
if (size >= LONG_MAX || size < 0)
return E_FILE_FORMAT_INVALID;
const long size = static_cast<long>(size_);
str = new (std::nothrow) char[size + 1];
// +1 for '\0' terminator
const long required_size = static_cast<long>(size) + 1;
str = new (std::nothrow) char[required_size];
if (str == NULL)
return -1;
return E_FILE_FORMAT_INVALID;
unsigned char* const buf = reinterpret_cast<unsigned char*>(str);
@@ -282,9 +282,8 @@ long mkvparser::UnserializeString(IMkvReader* pReader, long long pos,
return status;
}
str[size] = '\0';
return 0; // success
str[required_size - 1] = '\0';
return 0;
}
long mkvparser::ParseElementHeader(IMkvReader* pReader, long long& pos,
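Review bot: The new `size >= LONG_MAX || size < 0` guard in UnserializeString() stops the `size + 1` rollover, but it is still the only limit on `new (std::nothrow) char[required_size]`, and `size` comes from the file being parsed. Where `long` is 64 bits, a small malformed file can therefore request an enormous buffer before any payload is read; the read itself lies between the two hunks and is not visible here. I would reject a `size` larger than what the reader or the enclosing element can still supply, for example by checking it against the totals from `pReader->Length()`, before allocating. Separately, the failed-allocation branch now returns `E_FILE_FORMAT_INVALID` instead of `-1`, so callers can no longer tell out-of-memory from a malformed file; keeping a distinct code there would help triage.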