Reviewed-by: Steven Dake <[email protected]> On 02/21/2011 08:41 AM, Jan Friesse wrote: > Corrupted files may contain items with rec_size larger than g_record > buffer and/or flt_data_size. > > Also g_record array size is now defined as constant. > > Signed-off-by: Jan Friesse <[email protected]> > --- > tools/corosync-fplay.c | 10 +++++++++- > 1 files changed, 9 insertions(+), 1 deletions(-) > > diff --git a/tools/corosync-fplay.c b/tools/corosync-fplay.c > index 2ecc06a..c5f778c 100644 > --- a/tools/corosync-fplay.c > +++ b/tools/corosync-fplay.c > @@ -341,7 +341,9 @@ static struct printer_subsys printer_subsystems[] = { > static unsigned int printer_subsys_count = > sizeof (printer_subsystems) / sizeof (struct printer_subsys); > > -static unsigned int g_record[10000]; > +#define G_RECORD_SIZE 10000 > + > +static unsigned int g_record[G_RECORD_SIZE]; > > /* > * Copy record, dealing with wrapping > @@ -354,6 +356,12 @@ static int logsys_rec_get (int rec_idx) { > > firstcopy = rec_size; > secondcopy = 0; > + > + if (rec_size > G_RECORD_SIZE || rec_size > flt_data_size) { > + fprintf (stderr, "rec_size too large. Input file is probably > corrupted.\n"); > + exit (EXIT_FAILURE); > + } > + > if (firstcopy + rec_idx > flt_data_size) { > firstcopy = flt_data_size - rec_idx; > secondcopy -= firstcopy - rec_size;
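Review bot: In the first hunk, G_RECORD_SIZE at the new `#define` is a count of unsigned int array elements, not a byte size, and nothing there says so. Because the second hunk compares rec_size directly against it, a short comment stating the unit would prevent a later bytes-versus-elements mix-up. An alternative that cannot drift from the array is to derive the bound from g_record itself, in the same style as the printer_subsys_count context line, e.g. `sizeof (g_record) / sizeof (g_record[0])`.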
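Review bot: In the logsys_rec_get hunk, the new test bounds rec_size but not rec_idx. The unchanged context line `firstcopy = flt_data_size - rec_idx;` still produces a negative firstcopy when rec_idx is greater than flt_data_size, so consider rejecting rec_idx < 0 and rec_idx >= flt_data_size in the same check. The declaration of rec_size is not visible in this hunk; if it is a signed type, a negative value read from a corrupted file passes both `>` comparisons, so a lower bound would be needed as well. Two smaller points: including the offending rec_size and rec_idx values in the fprintf message would make the corrupted record easier to locate, and since the function already returns int, returning an error instead of calling exit() would leave the decision to the caller.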
