diff options
author | Klaus Schmidinger <vdr@tvdr.de> | 2006-02-18 11:08:55 +0100 |
---|---|---|
committer | Klaus Schmidinger <vdr@tvdr.de> | 2006-02-18 11:08:55 +0100 |
commit | b8cdca858b29807fab2a3f0b01d745da6e804e61 (patch) | |
tree | d621b704579d456bc0abf3c195b341639b91eb0c | |
parent | 5ed4504ce0fc510d29492bcf480113f3e01f069e (diff) | |
download | vdr-b8cdca858b29807fab2a3f0b01d745da6e804e61.tar.gz vdr-b8cdca858b29807fab2a3f0b01d745da6e804e61.tar.bz2 |
Checking data size in CaDescriptor::Parse() and LinkageDescriptor::Parse() of 'libsi' to avoid crashes with invalid data
-rw-r--r-- | HISTORY | 2 | ||||
-rw-r--r-- | libsi/descriptor.c | 12 |
2 files changed, 11 insertions, 3 deletions
@@ -4334,3 +4334,5 @@ Video Disk Recorder Revision History - Fixed some typos in the CONTRIBUTORS file (thanks to Frank Krömmelbein). - Changed offset and size handling in 'libsi' from 'unsigned' to 'signed', so that overflows can be better detected (thanks to Marcel Wiesweg). +- Checking data size in CaDescriptor::Parse() and LinkageDescriptor::Parse() of + 'libsi' to avoid crashes with invalid data (thanks to Marcel Wiesweg). diff --git a/libsi/descriptor.c b/libsi/descriptor.c index d27da2b7..6a3af9fe 100644 --- a/libsi/descriptor.c +++ b/libsi/descriptor.c @@ -6,7 +6,7 @@ * the Free Software Foundation; either version 2 of the License, or * * (at your option) any later version. * * * - * $Id: descriptor.c 1.16 2006/02/18 10:38:20 kls Exp $ + * $Id: descriptor.c 1.17 2006/02/18 11:02:25 kls Exp $ * * ***************************************************************************/ @@ -329,7 +329,10 @@ int CaDescriptor::getCaPid() const { void CaDescriptor::Parse() { int offset=0; data.setPointerAndOffset<const descr_ca>(s, offset); - privateData.assign(data.getData(offset), getLength()-offset); + if (checkSize(getLength()-offset)) + privateData.assign(data.getData(offset), getLength()-offset); + else + privateData.assign(NULL, 0); } int StreamIdentifierDescriptor::getComponentTag() const { @@ -635,7 +638,10 @@ void MultilingualServiceNameDescriptor::Name::Parse() { void LinkageDescriptor::Parse() { int offset=0; data.setPointerAndOffset<const descr_linkage>(s, offset); - privateData.assign(data.getData(offset), getLength()-offset); + if (checkSize(getLength()-offset)) + privateData.assign(data.getData(offset), getLength()-offset); + else + privateData.assign(NULL, 0); } int LinkageDescriptor::getTransportStreamId() const { |