summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKlaus Schmidinger <vdr@tvdr.de>2006-02-18 11:08:55 +0100
committerKlaus Schmidinger <vdr@tvdr.de>2006-02-18 11:08:55 +0100
commitb8cdca858b29807fab2a3f0b01d745da6e804e61 (patch)
treed621b704579d456bc0abf3c195b341639b91eb0c
parent5ed4504ce0fc510d29492bcf480113f3e01f069e (diff)
downloadvdr-b8cdca858b29807fab2a3f0b01d745da6e804e61.tar.gz
vdr-b8cdca858b29807fab2a3f0b01d745da6e804e61.tar.bz2
Checking data size in CaDescriptor::Parse() and LinkageDescriptor::Parse() of 'libsi' to avoid crashes with invalid data
-rw-r--r--HISTORY2
-rw-r--r--libsi/descriptor.c12
2 files changed, 11 insertions, 3 deletions
diff --git a/HISTORY b/HISTORY
index 5a605183..0bab4a59 100644
--- a/HISTORY
+++ b/HISTORY
@@ -4334,3 +4334,5 @@ Video Disk Recorder Revision History
- Fixed some typos in the CONTRIBUTORS file (thanks to Frank Krömmelbein).
- Changed offset and size handling in 'libsi' from 'unsigned' to 'signed', so that
overflows can be better detected (thanks to Marcel Wiesweg).
+- Checking data size in CaDescriptor::Parse() and LinkageDescriptor::Parse() of
+ 'libsi' to avoid crashes with invalid data (thanks to Marcel Wiesweg).
diff --git a/libsi/descriptor.c b/libsi/descriptor.c
index d27da2b7..6a3af9fe 100644
--- a/libsi/descriptor.c
+++ b/libsi/descriptor.c
@@ -6,7 +6,7 @@
* the Free Software Foundation; either version 2 of the License, or *
* (at your option) any later version. *
* *
- * $Id: descriptor.c 1.16 2006/02/18 10:38:20 kls Exp $
+ * $Id: descriptor.c 1.17 2006/02/18 11:02:25 kls Exp $
* *
***************************************************************************/
@@ -329,7 +329,10 @@ int CaDescriptor::getCaPid() const {
void CaDescriptor::Parse() {
int offset=0;
data.setPointerAndOffset<const descr_ca>(s, offset);
- privateData.assign(data.getData(offset), getLength()-offset);
+ if (checkSize(getLength()-offset))
+ privateData.assign(data.getData(offset), getLength()-offset);
+ else
+ privateData.assign(NULL, 0);
}
int StreamIdentifierDescriptor::getComponentTag() const {
@@ -635,7 +638,10 @@ void MultilingualServiceNameDescriptor::Name::Parse() {
void LinkageDescriptor::Parse() {
int offset=0;
data.setPointerAndOffset<const descr_linkage>(s, offset);
- privateData.assign(data.getData(offset), getLength()-offset);
+ if (checkSize(getLength()-offset))
+ privateData.assign(data.getData(offset), getLength()-offset);
+ else
+ privateData.assign(NULL, 0);
}
int LinkageDescriptor::getTransportStreamId() const {