PhotoRec: add bound check while parsing ico files
This commit is contained in:
Christophe Grenier
parent
0a3650d64e
commit
20d96c6668
1 changed files with 14 additions and 16 deletions
|
|
@ -33,7 +33,6 @@
|
|||
#include "log.h"
|
||||
|
||||
static void register_header_check_ico(file_stat_t *file_stat);
|
||||
static int header_check_ico(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new);
|
||||
|
||||
const file_hint_t file_hint_ico= {
|
||||
.extension="ico",
|
||||
|
|
@ -54,20 +53,6 @@ static const unsigned char header_ico7[6]= {0x00 , 0x00, 0x01, 0x00, 0x07, 0x00}
|
|||
static const unsigned char header_ico8[6]= {0x00 , 0x00, 0x01, 0x00, 0x08, 0x00};
|
||||
static const unsigned char header_ico9[6]= {0x00 , 0x00, 0x01, 0x00, 0x09, 0x00};
|
||||
|
||||
|
||||
static void register_header_check_ico(file_stat_t *file_stat)
|
||||
{
|
||||
register_header_check(0, header_ico1, sizeof(header_ico1), &header_check_ico, file_stat);
|
||||
register_header_check(0, header_ico2, sizeof(header_ico2), &header_check_ico, file_stat);
|
||||
register_header_check(0, header_ico3, sizeof(header_ico3), &header_check_ico, file_stat);
|
||||
register_header_check(0, header_ico4, sizeof(header_ico4), &header_check_ico, file_stat);
|
||||
register_header_check(0, header_ico5, sizeof(header_ico5), &header_check_ico, file_stat);
|
||||
register_header_check(0, header_ico6, sizeof(header_ico6), &header_check_ico, file_stat);
|
||||
register_header_check(0, header_ico7, sizeof(header_ico7), &header_check_ico, file_stat);
|
||||
register_header_check(0, header_ico8, sizeof(header_ico8), &header_check_ico, file_stat);
|
||||
register_header_check(0, header_ico9, sizeof(header_ico9), &header_check_ico, file_stat);
|
||||
}
|
||||
|
||||
/*
|
||||
* http://en.wikipedia.org/wiki/ICO_(icon_image_file_format)
|
||||
*/
|
||||
|
|
@ -103,7 +88,7 @@ static int header_check_ico(const unsigned char *buffer, const unsigned int buff
|
|||
if(le16(ico->reserved)!=0 || le16(ico->type)!=1 || le16(ico->count)==0)
|
||||
return 0;
|
||||
for(i=0, ico_dir=(const struct ico_directory*)(ico+1);
|
||||
i<le16(ico->count);
|
||||
(const unsigned char *)(ico_dir+1) <= buffer+buffer_size && i<le16(ico->count);
|
||||
i++, ico_dir++)
|
||||
{
|
||||
#ifdef DEBUG_ICO
|
||||
|
|
@ -157,3 +142,16 @@ static int header_check_ico(const unsigned char *buffer, const unsigned int buff
|
|||
file_recovery_new->file_check=&file_check_size;
|
||||
return 1;
|
||||
}
|
||||
|
||||
static void register_header_check_ico(file_stat_t *file_stat)
|
||||
{
|
||||
register_header_check(0, header_ico1, sizeof(header_ico1), &header_check_ico, file_stat);
|
||||
register_header_check(0, header_ico2, sizeof(header_ico2), &header_check_ico, file_stat);
|
||||
register_header_check(0, header_ico3, sizeof(header_ico3), &header_check_ico, file_stat);
|
||||
register_header_check(0, header_ico4, sizeof(header_ico4), &header_check_ico, file_stat);
|
||||
register_header_check(0, header_ico5, sizeof(header_ico5), &header_check_ico, file_stat);
|
||||
register_header_check(0, header_ico6, sizeof(header_ico6), &header_check_ico, file_stat);
|
||||
register_header_check(0, header_ico7, sizeof(header_ico7), &header_check_ico, file_stat);
|
||||
register_header_check(0, header_ico8, sizeof(header_ico8), &header_check_ico, file_stat);
|
||||
register_header_check(0, header_ico9, sizeof(header_ico9), &header_check_ico, file_stat);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue