Fix integer overflow and off-by-one in binfmt itemref parsing

This commit is contained in:
Yorhel 2024-08-23 07:53:05 +02:00
parent ca46c7241f
commit cc26ead5f8


@ -242,7 +242,7 @@ const CborVal = struct {
fn itemref(v: *const CborVal, cur: u64) u64 { fn itemref(v: *const CborVal, cur: u64) u64 {
if (v.major == .pos) return v.arg; if (v.major == .pos) return v.arg;
if (v.major == .neg) { if (v.major == .neg) {
if (v.arg > (1<<24)) die(); if (v.arg >= (cur & 0xffffff)) die();
return cur - v.arg - 1; return cur - v.arg - 1;
} }
return die(); return die();
@ -357,7 +357,7 @@ fn readItem(ref: u64) ItemParser {
global.lastitem = ref; global.lastitem = ref;
if (ref >= (1 << (24 + 32))) die(); if (ref >= (1 << (24 + 32))) die();
const block = readBlock(@intCast(ref >> 24)); const block = readBlock(@intCast(ref >> 24));
if ((ref & 0xffffff) > block.len) die(); if ((ref & 0xffffff) >= block.len) die();
return ItemParser.init(block[@intCast(ref & 0xffffff)..]); return ItemParser.init(block[@intCast(ref & 0xffffff)..]);
} }
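Review bot: The new guard in itemref (first hunk, `if (v.arg >= (cur & 0xffffff)) die();`) is correct but its reasoning is not written down, and it is exactly the kind of check a later edit could relax: the low 24 bits of `cur` are the offset inside the current block, so requiring `v.arg < offset` is what keeps `cur - v.arg - 1` from underflowing for small `cur` and from landing in a different block. I would add above the check `// back-references stay inside the current block: the offset lives in the low 24 bits of cur, so v.arg < offset rules out underflow and block crossing`. The same 24-bit split (`0xffffff`, `1 << 24`, `ref >> 24`, `24 + 32`) is spelled out by hand in both hunks; a single named constant for the offset width would keep itemref and readItem from drifting apart the next time one of them is touched. The `.pos` branch still returns `v.arg` unchecked, which is presumably fine only because every ref is later validated by readItem's two bounds checks in the second hunk; that dependency is worth a sentence in itemref's doc comment. The enclosing `CborVal` struct begins before the first hunk.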