summaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorSlávek Banko <slavek.banko@axis.cz>2015-09-14 01:27:38 +0200
committerSlávek Banko <slavek.banko@axis.cz>2015-09-14 01:27:38 +0200
commit53090f76505d2109d86175f6d002b69996d90eea (patch)
tree60e4392f113d4e8dddfc1b9bc6681c2100c5e5f9 /kernel
parentf4b637a92b40664dfc3523bfc7632cc718ad6175 (diff)
downloadlibksquirrel-53090f76505d2109d86175f6d002b69996d90eea.tar.gz
libksquirrel-53090f76505d2109d86175f6d002b69996d90eea.zip
Fix potential buffer overflow
Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/kls_hdr/fmt_codec_hdr.cpp6
1 files changed, 5 insertions, 1 deletions
diff --git a/kernel/kls_hdr/fmt_codec_hdr.cpp b/kernel/kls_hdr/fmt_codec_hdr.cpp
index 9819504..33af0a0 100644
--- a/kernel/kls_hdr/fmt_codec_hdr.cpp
+++ b/kernel/kls_hdr/fmt_codec_hdr.cpp
@@ -283,7 +283,8 @@ bool fmt_codec::getHdrHead()
bool done = false;
s8 a, b;
s8 x[2], y[2];
- s8 buff[80];
+ const u32 buffSize = 80;
+ s8 buff[buffSize];
u32 count = 0;
if(!frs.readK(hdr.sig, sizeof(hdr.sig)-1)) return false;
@@ -320,6 +321,9 @@ bool fmt_codec::getHdrHead()
if(!frs.readK(&a, sizeof(s8))) return false;
++count;
+ if (count > buffSize-1) {
+ return false;
+ }
}
buff[count] = '\0';