authorChristophe Grenier <grenier@cgsecurity.org>2013-04-28 11:19:32 +0200
committerChristophe Grenier <grenier@cgsecurity.org>2013-04-28 11:19:32 +0200
commit8dbb261d7724fef720d15885be63361afa01b9e9 (patch)
treeb8cb667a3829bf41ed2943bbdc1e3e2bcf8b45ba /src/file_mkv.c
parent8a6a397eb279ae4ee7b811c1ac97c91d3b911c32 (diff)
PhotoRec: add boundary check in src/file_mkv.c
Diffstat (limited to 'src/file_mkv.c')
-rw-r--r--src/file_mkv.c29
1 files changed, 8 insertions, 21 deletions
diff --git a/src/file_mkv.c b/src/file_mkv.c
index 505da76..9d8d89e 100644
--- a/src/file_mkv.c
+++ b/src/file_mkv.c
@@ -34,6 +34,7 @@
#include "types.h"
#include "filegen.h"
#include "common.h"
+#include "memmem.h"
#ifdef DEBUG_MKV
#include "log.h"
#endif
@@ -53,26 +54,10 @@ const file_hint_t file_hint_mkv= {
static const unsigned char *EBML_find(const unsigned char *buffer, const unsigned int buffer_size, const unsigned char *EBML_Header, const unsigned int EBML_size)
{
- const unsigned char *p = buffer;
- unsigned int p_size = buffer_size;
- int found = 0;
- do
- {
- p = (const unsigned char *)memchr(p, EBML_Header[0], p_size);
- if (p == NULL)
- return NULL;
- p_size-=(p-buffer);
- if (memcmp(p, EBML_Header, EBML_size) == 0)
- found = 1;
- else
- p++;
- } while(found == 0);
- if (p_size-EBML_size > 0)
- {
- p+=EBML_size;
- return p;
- }
- return NULL;
+ const unsigned char *tmp=(const unsigned char *)td_memmem(buffer, buffer_size, EBML_Header, EBML_size);
+ if(tmp==NULL)
+ return NULL;
+ return tmp+EBML_size;
}
static int EBML_read_unsigned(const unsigned char *p, const unsigned int p_size, uint64_t *uint64)
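Review bot: The new EBML_find returns `tmp+EBML_size` without checking that any bytes follow the match, so a header that ends exactly at the end of the buffer yields a one-past-the-end pointer. The removed code attempted to return NULL in that case through its `p_size-EBML_size > 0` test. The callers are outside this hunk, so it is not visible whether they handle zero remaining bytes. Consider `if(tmp==NULL || (unsigned int)(tmp-buffer)+EBML_size >= buffer_size) return NULL;`, and a one-line comment above the function stating that it returns a pointer just past the matched header, or NULL.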
@@ -117,7 +102,7 @@ static int EBML_read_string(const unsigned char *p, const unsigned int p_size, c
strlength <<= 8;
strlength += p[i];
}
- if(p_size < bytes + strlength)
+ if(strlength + bytes > p_size)
return -1;
*string = (char *)MALLOC(strlength+1);
memcpy(*string, p+bytes, strlength);
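Review bot: The rewritten test `strlength + bytes > p_size` is the same comparison as the line it replaces with the operands swapped, so a sum that wraps still passes the check. strlength is assembled from input bytes in the loop just above. Its declaration is outside the hunk, but in any unsigned width a value near the maximum makes `strlength + bytes` small, and the following `MALLOC(strlength+1)` and `memcpy(*string, p+bytes, strlength)` then run with a length larger than the data available in p. A subtraction form cannot wrap: `if(bytes > p_size || strlength > p_size - bytes) return -1;`.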
@@ -152,6 +137,8 @@ static int header_check_mkv(const unsigned char *buffer, const unsigned int buff
buffer_size-sizeof(EBML_header), &header_data_size)) < 0)
return 0;
header_data_offset = sizeof(EBML_header) + len;
+ if(header_data_offset >= buffer_size)
+ return 0;
segment_offset = header_data_offset + header_data_size;
#ifdef DEBUG_MKV
log_info("header_data_offset %llu\n", (long long unsigned) header_data_offset);
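Review bot: The added guard bounds header_data_offset only; on the next line `segment_offset = header_data_offset + header_data_size` still adds header_data_size, a value just read from the buffer, with no range check. Whether segment_offset is validated before it is used to index the buffer is not visible, since header_check_mkv starts and continues outside this hunk. If it is not, a check placed right after the new guard, such as `if(header_data_size >= buffer_size - header_data_offset) return 0;`, would bound it and also rule out a wrapped sum.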