|
35 | 35 | #include "file.h" |
36 | 36 |
|
37 | 37 | #ifndef lint |
38 | | -FILE_RCSID("@(#)$File: cdf.c,v 1.48 2012/02/17 05:27:45 christos Exp $") |
| 38 | +FILE_RCSID("@(#)$File: cdf.c,v 1.49 2012/02/20 20:04:37 christos Exp $") |
39 | 39 | #endif |
40 | 40 |
|
41 | 41 | #include <assert.h> |
@@ -75,6 +75,7 @@ static union { |
75 | 75 | #define CDF_TOLE2(x) ((uint16_t)(NEED_SWAP ? _cdf_tole2(x) : (uint16_t)(x))) |
76 | 76 | #define CDF_GETUINT32(x, y) cdf_getuint32(x, y) |
77 | 77 |
|
| 78 | + |
78 | 79 | /* |
79 | 80 | * swap a short |
80 | 81 | */ |
@@ -351,13 +352,13 @@ ssize_t |
351 | 352 | cdf_read_short_sector(const cdf_stream_t *sst, void *buf, size_t offs, |
352 | 353 | size_t len, const cdf_header_t *h, cdf_secid_t id) |
353 | 354 | { |
354 | | - size_t ss = CDF_SEC_SIZE(h); |
| 355 | + size_t ss = CDF_SHORT_SEC_SIZE(h); |
355 | 356 | size_t pos = CDF_SHORT_SEC_POS(h, id); |
356 | 357 | assert(ss == len); |
357 | | - if (pos > ss * sst->sst_len) { |
| 358 | + if (pos > CDF_SEC_SIZE(h) * sst->sst_len) { |
358 | 359 | DPRINTF(("Out of bounds read %" SIZE_T_FORMAT "u > %" |
359 | 360 | SIZE_T_FORMAT "u\n", |
360 | | - pos, ss * sst->sst_len)); |
| 361 | + pos, CDF_SEC_SIZE(h) * sst->sst_len)); |
361 | 362 | return -1; |
362 | 363 | } |
363 | 364 | (void)memcpy(((char *)buf) + offs, |
@@ -529,7 +530,7 @@ cdf_read_short_sector_chain(const cdf_header_t *h, |
529 | 530 | const cdf_sat_t *ssat, const cdf_stream_t *sst, |
530 | 531 | cdf_secid_t sid, size_t len, cdf_stream_t *scn) |
531 | 532 | { |
532 | | - size_t ss = CDF_SEC_SIZE(h), i, j; |
| 533 | + size_t ss = CDF_SHORT_SEC_SIZE(h), i, j; |
533 | 534 | scn->sst_len = cdf_count_chain(ssat, sid, CDF_SEC_SIZE(h)); |
534 | 535 | scn->sst_dirlen = len; |
535 | 536 |
|
@@ -798,18 +799,18 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, |
798 | 799 | if (cdf_check_stream_offset(sst, h, e, 0, __LINE__) == -1) |
799 | 800 | goto out; |
800 | 801 | for (i = 0; i < sh.sh_properties; i++) { |
| 802 | + size_t ofs = CDF_GETUINT32(p, (i << 1) + 1); |
801 | 803 | q = (const uint8_t *)(const void *) |
802 | | - ((const char *)(const void *)p + |
803 | | - CDF_GETUINT32(p, (i << 1) + 1)) - 2 * sizeof(uint32_t); |
| 804 | + ((const char *)(const void *)p + ofs |
| 805 | + - 2 * sizeof(uint32_t)); |
804 | 806 | if (q > e) { |
805 | 807 | DPRINTF(("Ran of the end %p > %p\n", q, e)); |
806 | 808 | goto out; |
807 | 809 | } |
808 | 810 | inp[i].pi_id = CDF_GETUINT32(p, i << 1); |
809 | 811 | inp[i].pi_type = CDF_GETUINT32(q, 0); |
810 | | - DPRINTF(("%" SIZE_T_FORMAT "u) id=%x type=%x offs=0x%tx,0x%x\n", i, |
811 | | - inp[i].pi_id, inp[i].pi_type, q - p, |
812 | | - CDF_GETUINT32(p, (i << 1) + 1))); |
| 812 | + DPRINTF(("%" SIZE_T_FORMAT "u) id=%x type=%x offs=0x%tx,0x%x\n", |
| 813 | + i, inp[i].pi_id, inp[i].pi_type, q - p, offs)); |
813 | 814 | if (inp[i].pi_type & CDF_VECTOR) { |
814 | 815 | nelements = CDF_GETUINT32(q, 1); |
815 | 816 | o = 2; |
|
0 commit comments