Fix potential buffer overflow

Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
author: Slávek Banko <slavek.banko@axis.cz> 2015-09-14 01:27:38 +0200
committer: Slávek Banko <slavek.banko@axis.cz> 2015-09-14 01:27:38 +0200
commit: 53090f76505d2109d86175f6d002b69996d90eea (patch)
tree: 60e4392f113d4e8dddfc1b9bc6681c2100c5e5f9
parent: f4b637a92b40664dfc3523bfc7632cc718ad6175 (diff)
download: libksquirrel-53090f76505d2109d86175f6d002b69996d90eea.tar.gz
libksquirrel-53090f76505d2109d86175f6d002b69996d90eea.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/kernel/kls_hdr/fmt_codec_hdr.cpp b/kernel/kls_hdr/fmt_codec_hdr.cpp
index 9819504..33af0a0 100644
--- a/kernel/kls_hdr/fmt_codec_hdr.cpp
+++ b/kernel/kls_hdr/fmt_codec_hdr.cpp
@@ -283,7 +283,8 @@ bool fmt_codec::getHdrHead()
 	bool done = false;
 	s8 a, b;
 	s8 x[2], y[2];
-	s8 buff[80];
+	const u32 buffSize = 80;
+	s8 buff[buffSize];
 	u32 count = 0;
 
 	if(!frs.readK(hdr.sig, sizeof(hdr.sig)-1)) return false;
@@ -320,6 +321,9 @@ bool fmt_codec::getHdrHead()
 		if(!frs.readK(&a, sizeof(s8))) return false;
 
 		++count;
+		if (count > buffSize-1) {
+			return false;
+		}
 	}
 
 	buff[count] = '\0';
author	Slávek Banko <slavek.banko@axis.cz>	2015-09-14 01:27:38 +0200
committer	Slávek Banko <slavek.banko@axis.cz>	2015-09-14 01:27:38 +0200
commit	53090f76505d2109d86175f6d002b69996d90eea (patch)
tree	60e4392f113d4e8dddfc1b9bc6681c2100c5e5f9
parent	f4b637a92b40664dfc3523bfc7632cc718ad6175 (diff)
download	libksquirrel-53090f76505d2109d86175f6d002b69996d90eea.tar.gz libksquirrel-53090f76505d2109d86175f6d002b69996d90eea.zip