root/QtPBFImagePlugin
1
0
Fork 0
mirror of https://github.com/tumic0/QtPBFImagePlugin.git synced 2025-01-18 12:02:10 +01:00
Code Issues Projects Releases Wiki Activity

Added missing length size checks

Browse Source 
+ code cleanup/refactoring
This commit is contained in:
Martin Tůma 2025-01-07 08:52:40 +01:00
parent 252ca8542a
commit 3c125c9a7a
1 changed files with 76 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
src/data.cpp
View File

@ -40,13 +40,22 @@ static bool varint(CTX &ctx, T &val)
return false;
}
static bool length(CTX &ctx, qint32 &val)
{
if (TYPE(ctx.tag) != LEN)
return false;
if (!varint(ctx, val))
return false;
return (val > 0);
}
static bool str(CTX &ctx, QByteArray &val)
{
qint32 len;
if (TYPE(ctx.tag) != LEN)
return false;
if (!varint(ctx, len))
if (!length(ctx, len))
return false;
if (ctx.bp + len > ctx.be)
return false;
@ -89,7 +98,7 @@ static bool packed(CTX &ctx, QVector<quint32> &vals)
if (TYPE(ctx.tag) == LEN) {
qint32 len;
if (!varint(ctx, len))
if (!varint(ctx, len) || len <= 0)
return false;
const char *ee = ctx.bp + len;
if (ee > ctx.be)
@ -120,7 +129,7 @@ static bool skip(CTX &ctx)
len = 8;
break;
case LEN:
if (!varint(ctx, len))
if (!varint(ctx, len) || len <= 0)
return false;
break;
case I32:
@ -139,16 +148,13 @@ static bool skip(CTX &ctx)
static bool value(CTX &ctx, QVariant &val)
{
if (TYPE(ctx.tag) != LEN)
return false;
qint32 len;
QByteArray ba;
quint64 num;
double dnum;
float fnum;
if (!varint(ctx, len))
if (!length(ctx, len))
return false;
const char *ee = ctx.bp + len;
@ -214,13 +220,10 @@ static bool value(CTX &ctx, QVariant &val)
static bool feature(CTX &ctx, Data::Feature &f)
{
qint32 len;
quint32 e;
if (TYPE(ctx.tag) != LEN)
return false;
qint32 len;
if (!varint(ctx, len))
if (!length(ctx, len))
return false;
const char *ee = ctx.bp + len;
@ -266,12 +269,9 @@ static bool feature(CTX &ctx, Data::Feature &f)
static bool layer(CTX &ctx, Data::Layer &l)
{
if (FIELD(ctx.tag) == 3) {
if (TYPE(ctx.tag) != LEN)
return false;
qint32 len;
if (!varint(ctx, len))
if (!length(ctx, len))
return false;
const char *ee = ctx.bp + len;
@ -321,8 +321,6 @@ static bool layer(CTX &ctx, Data::Layer &l)
}
return (ctx.bp == ee);
} else
return skip(ctx);
}
bool Data::load(const QByteArray &ba)
@ -332,9 +330,17 @@ bool Data::load(const QByteArray &ba)
while (ctx.bp < ctx.be) {
if (!varint(ctx, ctx.tag))
return false;
switch (FIELD(ctx.tag)) {
case 3:
_layers.append(Layer());
if (!layer(ctx, _layers.last()))
return false;
break;
default:
if (!skip(ctx))
return false;
}
}
return (ctx.bp == ctx.be);