diff --git a/CONTRIBUTORS b/CONTRIBUTORS index 4832e059..1ae41541 100644 --- a/CONTRIBUTORS +++ b/CONTRIBUTORS @@ -606,6 +606,8 @@ Oliver Endriss for making cEIT::cEIT() drop EPG events that have a zero start time or duration for reporting an unnecessary OSD draw operation caused by the audio track description display in the ST:TNG skin's channel display + for suggesting to make CharArray::DataOwnData::assign() in 'libsi' more robust + against invalid data Reinhard Walter Buchner for adding some satellites to 'sources.conf' diff --git a/HISTORY b/HISTORY index 0bab4a59..452a506d 100644 --- a/HISTORY +++ b/HISTORY @@ -4336,3 +4336,6 @@ Video Disk Recorder Revision History overflows can be better detected (thanks to Marcel Wiesweg). - Checking data size in CaDescriptor::Parse() and LinkageDescriptor::Parse() of 'libsi' to avoid crashes with invalid data (thanks to Marcel Wiesweg). +- Made CharArray::DataOwnData::assign() in 'libsi' more robust against invalid + data (suggested by Oliver Endriss). Also changed CharArray::DataOwnData::Delete() + so that it sets 'size' and 'data' to 0. diff --git a/libsi/util.c b/libsi/util.c index bbdf86b2..b0db93e1 100644 --- a/libsi/util.c +++ b/libsi/util.c @@ -6,7 +6,7 @@ * the Free Software Foundation; either version 2 of the License, or * * (at your option) any later version. * * * - * $Id: util.c 1.6 2006/02/18 10:38:20 kls Exp $ + * $Id: util.c 1.7 2006/02/18 11:17:50 kls Exp $ * * ***************************************************************************/ @@ -119,6 +119,8 @@ CharArray::DataOwnData::~DataOwnData() { void CharArray::DataOwnData::assign(const unsigned char*d, int s) { Delete(); + if (!d || s > 100000 || s <= 0) // ultimate plausibility check + return; size=s; unsigned char *newdata=new unsigned char[size]; memcpy(newdata, d, size); @@ -127,6 +129,8 @@ void CharArray::DataOwnData::assign(const unsigned char*d, int s) { void CharArray::DataOwnData::Delete() { delete[] data; + size=0; + data=0; } CharArray::DataForeignData::~DataForeignData() {