Fix potential out of bounds read.

The check was only done when not memory mapped, so there was a potential
out of bounds read. In addition the check only printed an error, and
didn't return and went ahead with the erroneous read.

The 'loc' variable is indirectly read from the file, so in case the
history file is corrupted this could potentially lead to a crash.

Found by Coverity.

REVIEW: 128153
parent 947342e3
......@@ -158,14 +158,17 @@ void HistoryFile::get(unsigned char* buffer, int size, int loc)
if (!_fileMap && _readWriteBalance < MAP_THRESHOLD)
map();
if (loc < 0 || size < 0 || loc + size > _length) {
fprintf(stderr, "getHist(...,%d,%d): invalid args.\n", size, loc);
return;
}
if (_fileMap) {
for (int i = 0; i < size; i++)
buffer[i] = _fileMap[loc + i];
} else {
int rc = 0;
if (loc < 0 || size < 0 || loc + size > _length)
fprintf(stderr, "getHist(...,%d,%d): invalid args.\n", size, loc);
rc = QT_LSEEK(_fd, loc, SEEK_SET);
if (rc < 0) {
perror("HistoryFile::get.seek");
......
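Review bot: the hoisted check `loc + size > _length` does the addition in `int`, so with `loc` coming indirectly from the file (per the commit message) a large `loc` and `size` can overflow, which is undefined behaviour for signed values and in practice can wrap negative and pass the check. Since `loc < 0` and `size < 0` are already rejected first, the sum can be avoided by comparing `size > _length - loc` after confirming `loc <= _length` (this assumes `_length` is a non-negative int; its declaration is not visible in this hunk). Separately, the new early `return` leaves `buffer` unwritten and `get()` returns `void`, so a caller cannot tell the read was refused; zero-filling `buffer` before returning, or returning a status, would keep callers from consuming uninitialised data.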