From 4702f12818e362fa8995e6aaaa1d5aff753eaf39 Mon Sep 17 00:00:00 2001
From: Liam Murphy
Date: Thu, 5 Nov 2020 04:43:40 +0000
Subject: [PATCH] tweaks: some extra checks on lengths
---
 src/packhead.cpp | 3 +++
 src/util.cpp | 3 +++
 2 files changed, 6 insertions(+)
diff --git a/src/packhead.cpp b/src/packhead.cpp
index bdd0ece9..d62e4eb5 100644
--- a/src/packhead.cpp
+++ b/src/packhead.cpp
@@ -42,6 +42,7 @@ PackHeader::PackHeader() : version(-1), format(-1) {}
 **************************************************************************/
 static unsigned char get_packheader_checksum(const upx_bytep buf, int len) {
+ assert(len >= sizeof(int32_t));
 assert(get_le32(buf) == UPX_MAGIC_LE32);
 // printf("1 %d\n", len);
 buf += 4;
@@ -92,6 +93,8 @@ int PackHeader::getPackHeaderSize() const {
 **************************************************************************/
 void PackHeader::putPackHeader(upx_bytep p) {
+ // NOTE: It is the caller's responsbility to ensure the buffer p has
+ // sufficient space for the header.
 assert(get_le32(p) == UPX_MAGIC_LE32);
 if (get_le32(p + 4) != UPX_MAGIC2_LE32) {
 // fprintf(stderr, "MAGIC2_LE32: %x %x\n", get_le32(p+4), UPX_MAGIC2_LE32);
diff --git a/src/util.cpp b/src/util.cpp
index a1764f91..c980c517 100644
--- a/src/util.cpp
+++ b/src/util.cpp
@@ -241,6 +241,9 @@ int __acc_cdecl_qsort le64_compare_signed(const void *e1, const void *e2) {
 int find(const void *b, int blen, const void *what, int wlen) {
 if (b == NULL || blen <= 0 || what == NULL || wlen <= 0)
 return -1;
+ // Fast exit if the wanted string is longer than the buffer.
+ if (wlen > blen)
+ return -1;
 int i;
 const unsigned char *base = (const unsigned char *) b;
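Review bot: The new `assert(len >= sizeof(int32_t))` in get_packheader_checksum compares a signed `int` with a `size_t`, so a negative `len` is converted to a large unsigned value and passes the check instead of tripping it; `assert(len >= 0 && (size_t) len >= sizeof(int32_t));` (or simply `assert(len >= 4);`, matching the `buf += 4` that follows) pins both bounds. Because it is an `assert`, the check disappears in an NDEBUG build, so a caller passing a short buffer still reaches `get_le32(buf)` in release; if `len` can ever be derived from file contents, an unconditional check with an error return is the stronger form. The body of get_packheader_checksum continues past the hunk.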
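Review bot: The added comment on putPackHeader misspells "responsibility" and states a precondition the function cannot verify, since it receives only `p` and no length, without saying how much space is actually required. Replace the two lines with `// NOTE: the caller must ensure p has room for getPackHeaderSize() bytes;` and `// this function takes no length and cannot check the bound itself.` The hunk header shows `getPackHeaderSize()` exists on PackHeader, so naming it gives callers a concrete size instead of "sufficient space". The body of putPackHeader continues past the hunk.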