From 273d6c53a68566f31f4241bf094416956bde9562 Mon Sep 17 00:00:00 2001 From: Klaus Schmidinger Date: Sat, 18 Feb 2006 11:21:00 +0100 Subject: [PATCH] Made CharArray::DataOwnData::assign() in 'libsi' more robust against invalid data and changed CharArray::DataOwnData::Delete() so that it sets 'size' and 'data' to 0 --- CONTRIBUTORS | 2 ++ HISTORY | 3 +++ libsi/util.c | 6 +++++- 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTORS b/CONTRIBUTORS index 4832e059..1ae41541 100644 --- a/CONTRIBUTORS +++ b/CONTRIBUTORS @@ -606,6 +606,8 @@ Oliver Endriss for making cEIT::cEIT() drop EPG events that have a zero start time or duration for reporting an unnecessary OSD draw operation caused by the audio track description display in the ST:TNG skin's channel display + for suggesting to make CharArray::DataOwnData::assign() in 'libsi' more robust + against invalid data Reinhard Walter Buchner for adding some satellites to 'sources.conf' diff --git a/HISTORY b/HISTORY index 0bab4a59..452a506d 100644 --- a/HISTORY +++ b/HISTORY @@ -4336,3 +4336,6 @@ Video Disk Recorder Revision History overflows can be better detected (thanks to Marcel Wiesweg). - Checking data size in CaDescriptor::Parse() and LinkageDescriptor::Parse() of 'libsi' to avoid crashes with invalid data (thanks to Marcel Wiesweg). +- Made CharArray::DataOwnData::assign() in 'libsi' more robust against invalid + data (suggested by Oliver Endriss). Also changed CharArray::DataOwnData::Delete() + so that it sets 'size' and 'data' to 0. diff --git a/libsi/util.c b/libsi/util.c index bbdf86b2..b0db93e1 100644 --- a/libsi/util.c +++ b/libsi/util.c @@ -6,7 +6,7 @@ * the Free Software Foundation; either version 2 of the License, or * * (at your option) any later version. * * * - * $Id: util.c 1.6 2006/02/18 10:38:20 kls Exp $ + * $Id: util.c 1.7 2006/02/18 11:17:50 kls Exp $ * * ***************************************************************************/ @@ -119,6 +119,8 @@ CharArray::DataOwnData::~DataOwnData() { void CharArray::DataOwnData::assign(const unsigned char*d, int s) { Delete(); + if (!d || s > 100000 || s <= 0) // ultimate plausibility check + return; size=s; unsigned char *newdata=new unsigned char[size]; memcpy(newdata, d, size); @@ -127,6 +129,8 @@ void CharArray::DataOwnData::assign(const unsigned char*d, int s) { void CharArray::DataOwnData::Delete() { delete[] data; + size=0; + data=0; } CharArray::DataForeignData::~DataForeignData() {