From b8cdca858b29807fab2a3f0b01d745da6e804e61 Mon Sep 17 00:00:00 2001 From: Klaus Schmidinger Date: Sat, 18 Feb 2006 11:08:55 +0100 Subject: Checking data size in CaDescriptor::Parse() and LinkageDescriptor::Parse() of 'libsi' to avoid crashes with invalid data --- HISTORY | 2 ++ libsi/descriptor.c | 12 +++++++++--- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/HISTORY b/HISTORY index 5a605183..0bab4a59 100644 --- a/HISTORY +++ b/HISTORY @@ -4334,3 +4334,5 @@ Video Disk Recorder Revision History - Fixed some typos in the CONTRIBUTORS file (thanks to Frank Krömmelbein). - Changed offset and size handling in 'libsi' from 'unsigned' to 'signed', so that overflows can be better detected (thanks to Marcel Wiesweg). +- Checking data size in CaDescriptor::Parse() and LinkageDescriptor::Parse() of + 'libsi' to avoid crashes with invalid data (thanks to Marcel Wiesweg). diff --git a/libsi/descriptor.c b/libsi/descriptor.c index d27da2b7..6a3af9fe 100644 --- a/libsi/descriptor.c +++ b/libsi/descriptor.c @@ -6,7 +6,7 @@ * the Free Software Foundation; either version 2 of the License, or * * (at your option) any later version. * * * - * $Id: descriptor.c 1.16 2006/02/18 10:38:20 kls Exp $ + * $Id: descriptor.c 1.17 2006/02/18 11:02:25 kls Exp $ * * ***************************************************************************/ @@ -329,7 +329,10 @@ int CaDescriptor::getCaPid() const { void CaDescriptor::Parse() { int offset=0; data.setPointerAndOffset(s, offset); - privateData.assign(data.getData(offset), getLength()-offset); + if (checkSize(getLength()-offset)) + privateData.assign(data.getData(offset), getLength()-offset); + else + privateData.assign(NULL, 0); } int StreamIdentifierDescriptor::getComponentTag() const { @@ -635,7 +638,10 @@ void MultilingualServiceNameDescriptor::Name::Parse() { void LinkageDescriptor::Parse() { int offset=0; data.setPointerAndOffset(s, offset); - privateData.assign(data.getData(offset), getLength()-offset); + if (checkSize(getLength()-offset)) + privateData.assign(data.getData(offset), getLength()-offset); + else + privateData.assign(NULL, 0); } int LinkageDescriptor::getTransportStreamId() const { -- cgit v1.2.3