Fixed integer overflow

Pünkösd Marcell 2020-11-08 23:43:13 +01:00
parent 405fc22385
commit 4fb5301423


@ -151,10 +151,18 @@ uint8_t validate_caff_file(uint8_t *data, uint64_t data_len) {
frame_counter++; frame_counter++;
uint64_t seek_by = frame_header->length + sizeof(caff_frame_header_t); uint64_t seek_by = frame_header->length + sizeof(caff_frame_header_t);
if (seek_by > len_remaining) {
return CAFF_PARSE_LENGTH_ERROR;
}
len_remaining -= seek_by; len_remaining -= seek_by;
p += seek_by; p += seek_by;
} }
if (len_remaining > 0) {
// This is probably won't be called but only if the while loop above breaks abnormally
return CAFF_PARSE_LENGTH_ERROR;
}
if (expected_num_anim != num_anim) { if (expected_num_anim != num_anim) {
return CAFF_PARSE_ANIMATION_COUNT_ERROR; return CAFF_PARSE_ANIMATION_COUNT_ERROR;
} }
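Review bot: The sum on the `seek_by` line can itself wrap before the new `seek_by > len_remaining` check runs: if `frame_header->length` is a 64-bit field read from the file, a value close to UINT64_MAX plus `sizeof(caff_frame_header_t)` gives a small `seek_by`, so the length is accepted although the frame does not fit in the buffer. Comparing before adding avoids the wrap, e.g. `if (len_remaining < sizeof(caff_frame_header_t) || frame_header->length > len_remaining - sizeof(caff_frame_header_t)) return CAFF_PARSE_LENGTH_ERROR;`. The comment added to the loop in `parse_caff_get_first_ciff` relies on this validation being complete, so the gap carries over to that unchecked walk. The loop head of `validate_caff_file` is outside the hunk, so whether the header is known to fit in `len_remaining` before `frame_header->length` is read cannot be confirmed from here.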
@ -179,7 +187,7 @@ uint8_t parse_caff_get_first_ciff(uint8_t *caff_data, uint64_t caff_data_len, ui
// Seek for the first CIFF header // Seek for the first CIFF header
uint8_t *p = caff_data; uint8_t *p = caff_data;
uint64_t caff_data_len_remaining = caff_data_len; uint64_t caff_data_len_remaining = caff_data_len;
while (caff_data_len_remaining > 0) { while (caff_data_len_remaining > 0) { // This won't cause integer overflow, because those files are validated previously
caff_frame_header_t *frame_header = (caff_frame_header_t *) p; caff_frame_header_t *frame_header = (caff_frame_header_t *) p;
if (frame_header->id == CAFF_FRAME_ANIMATION) { if (frame_header->id == CAFF_FRAME_ANIMATION) {