Code Review
/
apps
/
low-level-can-service.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
review
|
tree
raw
|
patch
|
inline
| side by side (parent:
459d9cf
)
Fix potential out-of-bounds read with more than 64 required fields
author
Petteri Aimonen
<jpa@git.mail.kapsi.fi>
Sun, 12 Mar 2017 10:18:32 +0000
(12:18 +0200)
committer
Petteri Aimonen
<jpa@git.mail.kapsi.fi>
Sun, 12 Mar 2017 10:18:32 +0000
(12:18 +0200)
pb_decode.c
patch
|
blob
|
history
diff --git
a/pb_decode.c
b/pb_decode.c
index
e2e90ca
..
06d766a
100644
(file)
--- a/
pb_decode.c
+++ b/
pb_decode.c
@@
-934,6
+934,9
@@
bool checkreturn pb_decode_noinit(pb_istream_t *stream, const pb_field_t fields[
if (PB_HTYPE(last_type) == PB_HTYPE_REQUIRED && iter.pos->tag != 0)
req_field_count++;
if (PB_HTYPE(last_type) == PB_HTYPE_REQUIRED && iter.pos->tag != 0)
req_field_count++;
+ if (req_field_count > PB_MAX_REQUIRED_FIELDS)
+ req_field_count = PB_MAX_REQUIRED_FIELDS;
+
if (req_field_count > 0)
{
/* Check the whole words */
if (req_field_count > 0)
{
/* Check the whole words */
@@
-943,9
+946,15
@@
bool checkreturn pb_decode_noinit(pb_istream_t *stream, const pb_field_t fields[
PB_RETURN_ERROR(stream, "missing required field");
}
PB_RETURN_ERROR(stream, "missing required field");
}
- /* Check the remaining bits */
- if (fields_seen[req_field_count >> 5] != (allbits >> (32 - (req_field_count & 31))))
- PB_RETURN_ERROR(stream, "missing required field");
+ /* Check the remaining bits (if any) */
+ if ((req_field_count & 31) != 0)
+ {
+ if (fields_seen[req_field_count >> 5] !=
+ (allbits >> (32 - (req_field_count & 31))))
+ {
+ PB_RETURN_ERROR(stream, "missing required field");
+ }
+ }
}
}
}
}