Revision: 48516
http://brlcad.svn.sourceforge.net/brlcad/?rev=48516&view=rev
Author: erikgreenwald
Date: 2012-01-12 16:29:16 +0000 (Thu, 12 Jan 2012)
Log Message:
-----------
test for possible overflow on pointer advance. Cov322
Modified Paths:
--------------
brlcad/trunk/src/librt/db5_io.c
Modified: brlcad/trunk/src/librt/db5_io.c
===================================================================
--- brlcad/trunk/src/librt/db5_io.c 2012-01-12 16:26:55 UTC (rev 48515)
+++ brlcad/trunk/src/librt/db5_io.c 2012-01-12 16:29:16 UTC (rev 48516)
@@ -29,6 +29,7 @@
#include <stdio.h>
#include <string.h>
+#include <ctype.h>
#include "bin.h"
#include "bu.h"
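Review bot: `<ctype.h>` does not define `UINTPTR_MAX`, which the guard added in the second hunk relies on; that macro comes from `<stdint.h>`. Unless one of the project headers already pulls it in (not visible in this hunk), the added line should be `#include <stdint.h>`. Nothing in the visible hunks calls a ctype function, so the new include looks unused as written.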
@@ -406,6 +407,10 @@
*((struct db5_ondisk_header *)rip->buf) = header; /* struct copy */
memcpy(rip->buf+sizeof(header), lenbuf, count);
+ if ( (size_t)used > (UINTPTR_MAX - (size_t)rip->buf) ) {
+ bu_log("db5_get_raw_internal_fp(), Pointer advance goes beyond the end
of the universe. Aborting.\n");
+ return -1;
+ }
cp = rip->buf+used;
want = rip->object_length-used;
BU_ASSERT_LONG(want, >, 0);
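Review bot: The new guard before `cp = rip->buf+used` only rejects a `used` that would wrap the address space, so a `used` larger than the allocated buffer still passes and yields an out-of-bounds `cp`. The meaningful bound is the buffer's size, which appears to be `rip->object_length` given `want = rip->object_length-used`; a check along the lines of `if ((size_t)used >= (size_t)rip->object_length) { bu_log(...); return -1; }` would cover the wraparound case as well and would not depend on `BU_ASSERT_LONG(want, >, 0)` as the only size check. The `memcpy` into `rip->buf+sizeof(header)` runs before the guard, so it is worth confirming that `count` is bounded earlier in the function. It is also worth checking that `rip->buf` is released on the new `return -1` path; the function starts and ends outside the hunk, so neither is visible here.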