Infinite loop in SpectralData::aGetSpectralRecord

[guidovranken]

Spectral-Library-Reader/SpectralData.cpp

Lines 45 to 73 in 621aa96

	do{
	//now we parse the data records
	if (!lRecord.icflag[0] && !lRecord.icflag[1]){
	//flag indicates that record is the start of a data set
	rvalue = recordTuple();
	rvalue.id = lIndex;
	std::memcpy(rvalue.title, lRecord.ititl, 40);
	rvalue.channels = lRecord.itchan;
	std::memcpy(&(rvalue.reflectances[0]), lRecord.data, 1024);
	lContinuationCount = 0;
	}
	if (lRecord.icflag[0] && !lRecord.icflag[1]){
	//flag indicates that record is a continution data set
	int lCurrentCopyIndex = 256 + lContinuationCount * 383;
	if (lCurrentCopyIndex + 383 <= rvalue.channels){
	std::memcpy(&(rvalue.reflectances[lCurrentCopyIndex]), lRecord.cdata, 1532);
	}
	else{
	std::memcpy(&(rvalue.reflectances[lCurrentCopyIndex]), lRecord.cdata, 4 * (rvalue.channels - lCurrentCopyIndex));
	}
	lContinuationCount++;
	}
	lRecord = this->mUSGSDataRecord.aGetRecordUSGSFormat(lIndex + lContinuationCount + 1);
	} while (lRecord.icflag[0]); //keep processing if the record is a continuation record

Input data can be such that lContinuationCount is never incremented, and the same records keeps getting retrieved at line 71, and the do { } while () loop is never broken out of.

This can occur when processing untrusted input.