ref: 559e589947b8e3da2222fe21f369774bb0a92ce7
parent: 504dc0cb46de77f22a78eb5b521a8d6ff475fd94
author: Ori Bernstein <ori@eigenstate.org>
date: Sat Dec 28 14:41:42 EST 2019
add appropriate bounds checks
--- a/pack.c
+++ b/pack.c
@@ -323,15 +323,15 @@
o = 0;
l = 0;
/* Offset in base */
- if(c & 0x01) o |= (*d++ << 0) & 0x000000ff;
- if(c & 0x02) o |= (*d++ << 8) & 0x0000ff00;
- if(c & 0x04) o |= (*d++ << 16) & 0x00ff0000;
- if(c & 0x08) o |= (*d++ << 24) & 0xff000000;
+ if(d != ed && c & 0x01) o |= (*d++ << 0) & 0x000000ff;
+ if(d != ed && c & 0x02) o |= (*d++ << 8) & 0x0000ff00;
+ if(d != ed && c & 0x04) o |= (*d++ << 16) & 0x00ff0000;
+ if(d != ed && c & 0x08) o |= (*d++ << 24) & 0xff000000;
/* Length to copy */
- if(c & 0x10) l |= (*d++ << 0) & 0x0000ff;
- if(c & 0x20) l |= (*d++ << 8) & 0x00ff00;
- if(c & 0x40) l |= (*d++ << 16) & 0xff0000;
+ if(d != ed && c & 0x10) l |= (*d++ << 0) & 0x0000ff;
+ if(d != ed && c & 0x20) l |= (*d++ << 8) & 0x00ff00;
+ if(d != ed && c & 0x40) l |= (*d++ << 16) & 0xff0000;
if(l == 0) l = 0x10000;
assert(o + l <= base->size);
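Review bot: The new `d != ed` guards stop the over-read, but they make a truncated delta decode silently: when `d` reaches `ed` with a flag bit still set in `c`, that byte is skipped and `o`/`l` keep partial values that then go on to the range check and copy as if they were valid. A set bit with no byte left should be rejected as a malformed delta, for example by checking before decoding that as many bytes remain as there are bits set in `c & 0x7f`. The unchanged `assert(o + l <= base->size)` is also worth revisiting, because if `o` and `l` are 32-bit (their declarations are outside the hunk) the sum can wrap; `o <= base->size && l <= base->size - o` avoids that. The enclosing function starts and ends outside the hunk, so whether it has an error return to use instead of an assert cannot be seen from here.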
@@ -339,6 +339,7 @@
r += l;
/* inline data */
}else{
+ assert(c < ed - d);
memmove(r, d, c);
d += c;
r += c;
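Review bot: `assert(c < ed - d)` looks off by one, since copying `c` bytes from `d` is in bounds whenever `c <= ed - d`. Assuming `ed` points one past the last delta byte, as the `d != ed` tests in the earlier hunk suggest, a well-formed delta whose final inline run ends exactly at `ed` would trip the assertion; `assert(c <= ed - d);` accepts that case. The check covers only the source side: nothing in the hunk bounds `r + c` against the output buffer, so that should be confirmed in the part of the function outside the hunk. Because `c` comes from pack data, a failure return would fit better than an abort if the function has an error path.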