Context Navigation

Changeset 199 for Evidence/Evidence.cc

Timestamp:

04/20/10 16:01:16 (15 years ago)

Author:

daqct3

Message:

Bug in ToString() resulted in buffer overflow for structure

File:

-              r187
+              r199
   char *Text;
+  // Safety check
+  if (Item->getSize() < 1) return NULL;
   // Structure: print hex representation (3 characters per byte)
   if (strlen(Item->getFormat()) != 1) {
+    if ((Text = (char *) malloc(3*Item->getSize()+1)) != NULL) {
+          for (int i=0; i<Item->getSize(); i++) sprintf(Text+3*i, "%02x", *((char *) Item->getData() + i));
+        }
+    int Size = 3*Item->getSize()+1, N;
+    if ((Text = (char *) malloc(Size)) == NULL) return NULL;
+        char *CurrPos = Text;
+        for (int i=0; i<Item->getSize(); i++) {
+          N = snprintf(CurrPos, Size, "%02x ", *((char *) Item->getData() + i));
+          if (N<0 || N>=Size) {
+            free(Text);
+                if (asprintf(&Text, "Structure length %d bytes, buffer overflow in ToString()", Item->getSize()) == -1) return NULL;
+                else return Text;
+          }
+          Size -= N;
+          CurrPos += N;
+        }
         return Text;
+  }

Note: See TracChangeset for help on using the changeset viewer.