tweaks: some extra checks on lengths

2020-11-05 04:43:40 +00:00 · 2020-11-05 04:43:40 +00:00 · 4702f12818
commit 4702f12818
parent 4f3054f07d
2 changed files with 6 additions and 0 deletions
--- a/src/packhead.cpp
+++ b/src/packhead.cpp
@ -42,6 +42,7 @@ PackHeader::PackHeader() : version(-1), format(-1) {}
 **************************************************************************/

 static unsigned char get_packheader_checksum(const upx_bytep buf, int len) {
+    assert(len >= sizeof(int32_t));
    assert(get_le32(buf) == UPX_MAGIC_LE32);
    // printf("1 %d\n", len);
    buf += 4;
@ -92,6 +93,8 @@ int PackHeader::getPackHeaderSize() const {
 **************************************************************************/

 void PackHeader::putPackHeader(upx_bytep p) {
+    // NOTE: It is the caller's responsbility to ensure the buffer p has
+    // sufficient space for the header.
    assert(get_le32(p) == UPX_MAGIC_LE32);
    if (get_le32(p + 4) != UPX_MAGIC2_LE32) {
        // fprintf(stderr, "MAGIC2_LE32: %x %x\n", get_le32(p+4), UPX_MAGIC2_LE32);
--- a/src/util.cpp
+++ b/src/util.cpp
@ -241,6 +241,9 @@ int __acc_cdecl_qsort le64_compare_signed(const void *e1, const void *e2) {
 int find(const void *b, int blen, const void *what, int wlen) {
    if (b == NULL || blen <= 0 || what == NULL || wlen <= 0)
        return -1;
+    // Fast exit if the wanted string is longer than the buffer.
+    if (wlen > blen)
+        return -1;

    int i;
    const unsigned char *base = (const unsigned char *) b;