[tracker] tracker-extract: Clarify untrusted value checks
- From: Philip Withnall <pwithnall src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [tracker] tracker-extract: Clarify untrusted value checks
- Date: Mon, 6 Feb 2017 15:22:59 +0000 (UTC)
commit 397883a2128ef2099bbad9da75d213f4724db277
Author: Philip Withnall <withnall endlessm com>
Date: Sun Feb 5 16:07:26 2017 +0100
tracker-extract: Clarify untrusted value checks
When validating the values of csize and tsize (as they are read from a
potentially untrusted MP3 file), put them as the left-hand operand in
the comparison by themselves, without adding anything which:
• confuses Coverity;
• potentially overflows.
Coverity ID: 1399652
https://bugzilla.gnome.org/show_bug.cgi?id=778206
src/tracker-extract/tracker-extract-mp3.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/src/tracker-extract/tracker-extract-mp3.c b/src/tracker-extract/tracker-extract-mp3.c
index 6be6e71..3a6b1d3 100644
--- a/src/tracker-extract/tracker-extract-mp3.c
+++ b/src/tracker-extract/tracker-extract-mp3.c
@@ -2221,7 +2221,7 @@ parse_id3v20 (const gchar *data,
unsync = (data[5] & 0x80) > 0;
tsize = extract_uint32_7bit (&data[6]);
- if (tsize + header_size > size) {
+ if (tsize > size - header_size) {
g_message ("[v20] Expected MP3 tag size and header size to be within file size boundaries");
return;
}
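Review bot: In the new condition `tsize > size - header_size`, the right-hand side wraps around if `size` is unsigned and smaller than `header_size`, and an oversized `tsize` would then pass the check. Nothing in the visible context establishes `size >= header_size` before this line. If an earlier check in parse_id3v20 guarantees it, a short comment here saying so would help; otherwise test it first, for example `if (size < header_size || tsize > size - header_size)`.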
@@ -2251,7 +2251,7 @@ parse_id3v20 (const gchar *data,
csize = (size_t) extract_uint32_3byte (&data[pos + 3]);
- if (pos + frame_size + csize > size) {
+ if (csize > size - pos - frame_size) {
g_debug ("[v20] Size of current frame '%s' (%" G_GSIZE_FORMAT ") "
"exceeds file boundaries (%" G_GSIZE_FORMAT "), "
"not processing any more frames",
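Review bot: In `csize > size - pos - frame_size`, the subtraction wraps when `pos + frame_size` exceeds `size` (assuming unsigned operands, as the `(size_t)` cast on `csize` suggests), and `data[pos + 3]` has already been read on the line above. The check therefore relies on the invariant `pos + frame_size <= size`, which this hunk does not show. Please confirm that the enclosing loop condition enforces it and say so in a comment, or make it explicit before subtracting, for example `pos > size || frame_size > size - pos || csize > size - pos - frame_size`.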