Skip to content

Commit 1a17af1

Browse files
EricSesterhennX41verdammelt
authored andcommitted
Use asserts on lengths to prevent invalid reads/writes.
1 parent 1016eae commit 1a17af1

File tree

1 file changed

+5
-0
lines changed

1 file changed

+5
-0
lines changed

Diff for: src/mapi_attr.c

+5
Original file line numberDiff line numberDiff line change
@@ -174,6 +174,7 @@ mapi_attr_read (size_t len, unsigned char *buf)
174174
uint32 i,j;
175175
assert(len > 4);
176176
uint32 num_properties = GETINT32(buf+idx);
177+
assert((num_properties+1) != 0);
177178
MAPI_Attr** attrs = CHECKED_XMALLOC (MAPI_Attr*, (num_properties + 1));
178179

179180
idx += 4;
@@ -212,6 +213,7 @@ mapi_attr_read (size_t len, unsigned char *buf)
212213
/* read the data into a buffer */
213214
a->names[i].data
214215
= CHECKED_XMALLOC(unsigned char, a->names[i].len);
216+
assert((idx+(a->names[i].len*2)) <= len);
215217
for (j = 0; j < (a->names[i].len >> 1); j++)
216218
a->names[i].data[j] = (buf+idx)[j*2];
217219

@@ -308,8 +310,11 @@ mapi_attr_read (size_t len, unsigned char *buf)
308310
case szMAPI_BINARY:
309311
CHECKINT32(idx, len); v->len = GETINT32(buf+idx); idx += 4;
310312

313+
assert(v->len + idx <= len);
314+
311315
if (a->type == szMAPI_UNICODE_STRING)
312316
{
317+
assert(v->len != 0);
313318
v->data.buf = (unsigned char*)unicode_to_utf8(v->len, buf+idx);
314319
}
315320
else

0 commit comments

Comments
 (0)