Preventing use of zero sized SUSP CE entry which causes SIGSEGV. Debian bug 872590. Thanks Jakub Wilk and American Fuzzy Lop.

This commit is contained in:
Thomas Schmitt 2017-08-19 11:08:02 +02:00
parent 661b68ce8c
commit 91490d5f34
3 changed files with 8 additions and 1 deletions

View File

@ -8883,6 +8883,9 @@ int iso_conv_name_chars(IsoWriteOpts *opts, char *name, size_t name_len,
/** Unable to obtain root directory (FATAL,HIGH, -418) */
#define ISO_NO_ROOT_DIR 0xF030FE5E
/** Zero sized or oversized SUSP CE area found (FAILURE, HIGH, -419) */
#define ISO_SUSP_WRONG_CE_SIZE 0xE830FE5D
/* Internal developer note:
Place new error codes directly above this comment.

View File

@ -549,6 +549,8 @@ const char *iso_error_to_msg(int errcode)
return "Unrecognized GPT disk GUID setup mode";
case ISO_NO_ROOT_DIR:
return "Unable to obtain root directory";
case ISO_SUSP_WRONG_CE_SIZE:
return "Zero sized or oversized SUSP CE area found";
default:
return "Unknown error";
}

View File

@ -97,8 +97,10 @@ int susp_iter_next(SuspIterator *iter, struct susp_sys_user_entry **sue,
if (iter->ce_len) {
uint32_t block, nblocks;
/* A CE has found, there is another continuation area */
/* A CE was found, there is another continuation area */
nblocks = DIV_UP(iter->ce_off + iter->ce_len, BLOCK_SIZE);
if (nblocks <= 0)
return ISO_SUSP_WRONG_CE_SIZE;
iter->buffer = realloc(iter->buffer, nblocks * BLOCK_SIZE);
/* read all blocks needed to cache the full CE */