Fix potential out of bounds read.

The check was only done when not memory mapped, so there was a potential
out of bounds read. In addition the check only printed an error, and
didn't return and went ahead with the erroneous read.

The 'loc' variable is indirectly read from the file, so in case the
history file is corrupted this could potentially lead to a crash.

Found by Coverity.

REVIEW: 128153
Martin T. H. Sandsmark
2016-06-11 18:27:32 +02:00
parent 947342e333
commit c026b0e4b1

@@ -158,14 +158,17 @@ void HistoryFile::get(unsigned char* buffer, int size, int loc)
if (!_fileMap && _readWriteBalance < MAP_THRESHOLD)
map();
if (loc < 0 || size < 0 || loc + size > _length) {
fprintf(stderr, "getHist(...,%d,%d): invalid args.\n", size, loc);
return;
}
if (_fileMap) {
for (int i = 0; i < size; i++)
buffer[i] = _fileMap[loc + i];
} else {
int rc = 0;
if (loc < 0 || size < 0 || loc + size > _length)
fprintf(stderr, "getHist(...,%d,%d): invalid args.\n", size, loc);
rc = QT_LSEEK(_fd, loc, SEEK_SET);
if (rc < 0) {
perror("HistoryFile::get.seek");
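
Review bot: the relocated check `loc + size > _length` at the top of the hunk adds two `int` values, and because `loc` is indirectly read from the file, a corrupted history file can supply values for which the sum overflows; signed overflow is undefined behaviour and in practice can wrap negative and pass the check, leaving the out-of-bounds read in place. Suggest testing without the addition, for example `loc > _length || size > _length - loc` after the existing `loc < 0 || size < 0` tests. Separately, `get()` returns void, so the new early `return` leaves `buffer` unwritten with no signal to the caller beyond the stderr message; consider zero-filling `buffer` before returning or documenting that callers must not rely on its contents after a failed call.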