summaryrefslogtreecommitdiff
path: root/legacy/eet
diff options
context:
space:
mode:
authorCedric BAIL <cedric.bail@free.fr>2012-07-16 10:38:37 +0000
committerCedric BAIL <cedric.bail@free.fr>2012-07-16 10:38:37 +0000
commitecffd3ae2ff932dadd93ac29531541bb3c8799d4 (patch)
tree818806bb6e58d5ed611a4d135be25eb564b7038f /legacy/eet
parent06a818fa5d3eb556d9bb00f5e2764cb5e04eb951 (diff)
eet: detect overrun and underrun before everything goes wrong.
SVN revision: 73919
Diffstat (limited to 'legacy/eet')
-rw-r--r--legacy/eet/ChangeLog4
-rw-r--r--legacy/eet/NEWS3
-rw-r--r--legacy/eet/src/lib/eet_data.c31
3 files changed, 38 insertions, 0 deletions
diff --git a/legacy/eet/ChangeLog b/legacy/eet/ChangeLog
index 94a51eb6de..18d8ff2b48 100644
--- a/legacy/eet/ChangeLog
+++ b/legacy/eet/ChangeLog
@@ -602,3 +602,7 @@
6022012-06-27 Leandro Santiago 6022012-06-27 Leandro Santiago
603 603
604 * Fix crash when cyphering huge amount of data. 604 * Fix crash when cyphering huge amount of data.
605
6062012-07-16 Cedric Bail
607
608 * Add code to detect overrun and underrun in eet_data_descriptor_element_add.
diff --git a/legacy/eet/NEWS b/legacy/eet/NEWS
index 9506fadf66..6a08a5777b 100644
--- a/legacy/eet/NEWS
+++ b/legacy/eet/NEWS
@@ -3,6 +3,9 @@ Eet 1.7.0
3Changes since Eet 1.6.0: 3Changes since Eet 1.6.0:
4-------------------------- 4--------------------------
5 5
6Additions:
7 * Add code to detect overrun and underrun during Eet Data Descriptor setup.
8
6Fixes: 9Fixes:
7 * Force destruction of all pending file when shuting down eet. 10 * Force destruction of all pending file when shuting down eet.
8 * Make eet_dictionary thread safe. 11 * Make eet_dictionary thread safe.
diff --git a/legacy/eet/src/lib/eet_data.c b/legacy/eet/src/lib/eet_data.c
index c5ae62102a..1eb822a8ca 100644
--- a/legacy/eet/src/lib/eet_data.c
+++ b/legacy/eet/src/lib/eet_data.c
@@ -1946,6 +1946,37 @@ eet_data_descriptor_element_add(Eet_Data_Descriptor *edd,
1946 Eet_Data_Element *ede; 1946 Eet_Data_Element *ede;
1947 Eet_Data_Element *tmp; 1947 Eet_Data_Element *tmp;
1948 1948
1949 /* Sanity check to avoid crash later at runtime */
1950 if (type < EET_T_UNKNOW ||
1951 type >= EET_T_LAST)
1952 {
1953 CRIT("Preventing later bug due to unknow type: %i", type);
1954 return ;
1955 }
1956 if (offset < 0)
1957 {
1958 CRIT("Preventing later buffer underrun : offset = %i", offset);
1959 return ;
1960 }
1961 if (offset > edd->size)
1962 {
1963 CRIT("Preventing later buffer overrun : offset = %i in a structure of %i bytes", offset, edd->size);
1964 return ;
1965 }
1966 if (group_type == EET_G_UNKNOWN && type != EET_T_UNKNOW)
1967 {
1968 if (offset + eet_basic_codec[type - 1].size > edd->size)
1969 {
1970 CRIT("Preventing later buffer overrun : offset = %i, size = %i in a structure of %i bytes", offset, eet_basic_codec[type - 1].size, edd->size);
1971 return ;
1972 }
1973 }
1974 else if ((offset + sizeof (void*)) > (unsigned int) edd->size)
1975 {
1976 CRIT("Preventing later buffer overrun : offset = %i, estimated size = %i in a structure of %i bytes", offset, sizeof (void*), edd->size);
1977 return ;
1978 }
1979
1949 /* UNION, VARIANT type would not work with simple type, we need a way to map the type. */ 1980 /* UNION, VARIANT type would not work with simple type, we need a way to map the type. */
1950 if ((group_type == EET_G_UNION 1981 if ((group_type == EET_G_UNION
1951 || group_type == EET_G_VARIANT) 1982 || group_type == EET_G_VARIANT)