authorCedric BAIL <cedric.bail@free.fr>2012-07-16 10:38:37 +0000
committerCedric BAIL <cedric.bail@free.fr>2012-07-16 10:38:37 +0000
commitecffd3ae2ff932dadd93ac29531541bb3c8799d4 (patch)
tree818806bb6e58d5ed611a4d135be25eb564b7038f /legacy/eet/src
parent06a818fa5d3eb556d9bb00f5e2764cb5e04eb951 (diff)
eet: detect overrun and underrun before everything goes wrong.
SVN revision: 73919
Diffstat (limited to 'legacy/eet/src')
-rw-r--r--legacy/eet/src/lib/eet_data.c31
1 files changed, 31 insertions, 0 deletions
diff --git a/legacy/eet/src/lib/eet_data.c b/legacy/eet/src/lib/eet_data.c
index c5ae62102a..1eb822a8ca 100644
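--- a/legacy/eet/src/lib/eet_data.c
+++ b/legacy/eet/src/lib/eet_data.c
@@ -1946,6 +1946,37 @@ eet_data_descriptor_element_add(Eet_Data_Descriptor *edd,
 Eet_Data_Element *ede;
 Eet_Data_Element *tmp;
 
+/* Sanity check to avoid crash later at runtime */
+if (type < EET_T_UNKNOW ||
+type >= EET_T_LAST)
+{
+CRIT("Preventing later bug due to unknow type: %i", type);
+return ;
+}
+if (offset < 0)
+{
+CRIT("Preventing later buffer underrun : offset = %i", offset);
+return ;
+}
+if (offset > edd->size)
+{
+CRIT("Preventing later buffer overrun : offset = %i in a structure of %i bytes", offset, edd->size);
+return ;
+}
+if (group_type == EET_G_UNKNOWN && type != EET_T_UNKNOW)
+{
+if (offset + eet_basic_codec[type - 1].size > edd->size)
+{
+CRIT("Preventing later buffer overrun : offset = %i, size = %i in a structure of %i bytes", offset, eet_basic_codec[type - 1].size, edd->size);
+return ;
+}
+}
+else if ((offset + sizeof (void*)) > (unsigned int) edd->size)
+{
+CRIT("Preventing later buffer overrun : offset = %i, estimated size = %i in a structure of %i bytes", offset, sizeof (void*), edd->size);
+return ;
+}
+
 /* UNION, VARIANT type would not work with simple type, we need a way to map the type. */
 if ((group_type == EET_G_UNION
 || group_type == EET_G_VARIANT)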
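Review bot: The CRIT call in the `else if` branch passes `sizeof (void*)`, a `size_t`, to a `%i` conversion. If CRIT is printf-style this is a format/argument mismatch, and on LP64 targets the `edd->size` argument after it can be misread, so the message logged when this guard trips may be wrong. Either cast it, `(int) sizeof (void*)`, or print it with `%zu`. Separately, the basic-type check adds before comparing; the operand types are not visible here, but if they are plain `int` the sum can overflow for a very large `edd->size`. Since `offset <= edd->size` is already established at that point, `if (eet_basic_codec[type - 1].size > edd->size - offset)` tests the same bound without the addition. The body of eet_data_descriptor_element_add starts and ends outside the hunk.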