mkvparser: Avoid rollover/truncation in UnserializeString().

Change-Id: I355d00b59ec1b7645ae5b4010e292215b5da3a17
Tom Finegan
2015-08-17 12:11:15 -07:00
parent 8e8b3dbc6a
commit cd96a76985


@@ -257,19 +257,19 @@ long mkvparser::UnserializeInt(IMkvReader* pReader, long long pos,
} }
long mkvparser::UnserializeString(IMkvReader* pReader, long long pos, long mkvparser::UnserializeString(IMkvReader* pReader, long long pos,
long long size_, char*& str) { long long size, char*& str) {
delete[] str; delete[] str;
str = NULL; str = NULL;
if (size_ >= LONG_MAX) // we need (size+1) chars if (size >= LONG_MAX || size < 0)
return E_FILE_FORMAT_INVALID; return E_FILE_FORMAT_INVALID;
const long size = static_cast<long>(size_); // +1 for '\0' terminator
const long required_size = static_cast<long>(size) + 1;
str = new (std::nothrow) char[size + 1];
str = new (std::nothrow) char[required_size];
if (str == NULL) if (str == NULL)
return -1; return E_FILE_FORMAT_INVALID;
unsigned char* const buf = reinterpret_cast<unsigned char*>(str); unsigned char* const buf = reinterpret_cast<unsigned char*>(str);
@@ -282,9 +282,8 @@ long mkvparser::UnserializeString(IMkvReader* pReader, long long pos,
return status; return status;
} }
str[size] = '\0'; str[required_size - 1] = '\0';
return 0;
return 0; // success
} }
long mkvparser::ParseElementHeader(IMkvReader* pReader, long long& pos, long mkvparser::ParseElementHeader(IMkvReader* pReader, long long& pos,
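Review bot: The new `size >= LONG_MAX || size < 0` guard in UnserializeString removes the rollover, but `size` still comes from the file and reaches `new (std::nothrow) char[required_size]` with LONG_MAX as its only upper bound, so a malformed element can request a very large allocation on builds where `long` is 64 bits. Consider rejecting sizes larger than the enclosing element, or than the data the reader has available, before allocating; that check needs values from the caller, which this section does not show. The allocation-failure path also changes from `return -1;` to `return E_FILE_FORMAT_INVALID;`, which makes out-of-memory indistinguishable from a corrupt file; if that is intended, a comment such as `// allocation failure is reported as a format error because size is file-controlled` would record why. The read call between the two hunks is not visible, so whether it narrows the now `long long` size explicitly cannot be confirmed from here.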