authorChristophe Grenier <grenier@cgsecurity.org>2017-06-30 06:53:18 +0200
committerChristophe Grenier <grenier@cgsecurity.org>2017-06-30 06:53:18 +0200
commit193dea80a28e19bfcabf3508872350d1895734ca (patch)
tree7495c2767e0eaf4d57fa694660a14aa04cb65c8e /src
parent2912e6cb70389382209af566fafdffea43dec555 (diff)
Avoid a division by zero in update_location()
Thanks to Adel KHALDI from Blue Frost Security GmbH for reporting the problem.
Diffstat (limited to 'src')
-rw-r--r--src/next.c53
1 files changed, 35 insertions, 18 deletions
diff --git a/src/next.c b/src/next.c
index 2a5efd0..5cd5212 100644
--- a/src/next.c
+++ b/src/next.c
@@ -57,36 +57,53 @@ static inline uint64_t CHS_to_offset(const unsigned int C, const int H, const in
static void update_location(void)
{
unsigned int i;
- if(search_location_info[search_location_nbr].inc==0)
+ const search_location_t *src=&search_location_info[search_location_nbr];
+ if(src->inc==0)
{
+ for(i=0; i<search_location_nbr; i++)
+ {
+ if(search_location_info[i].offset == src->offset)
+ return ;
+ }
if(search_location_nbr < SEARCH_LOCATION_MAX)
search_location_nbr++;
return;
}
for(i=0; i<search_location_nbr; i++)
{
- if(search_location_info[i].offset==search_location_info[search_location_nbr].offset &&
- search_location_info[i].inc >= search_location_info[search_location_nbr].inc &&
- search_location_info[i].inc % search_location_info[search_location_nbr].inc==0)
+ search_location_t *cur=&search_location_info[i];
+ if(cur->offset == src->offset &&
+ cur->inc >= src->inc &&
+ cur->inc % src->inc==0)
{
- search_location_info[i].inc=search_location_info[search_location_nbr].inc;
+ cur->inc=src->inc;
return ;
}
- if(search_location_info[i].offset==search_location_info[search_location_nbr].offset &&
- search_location_info[search_location_nbr].inc >= search_location_info[i].inc &&
- search_location_info[search_location_nbr].inc % search_location_info[i].inc==0)
- return ;
- if(search_location_info[i].inc==search_location_info[search_location_nbr].inc &&
- search_location_info[i].offset >= search_location_info[search_location_nbr].offset &&
- (search_location_info[i].offset - search_location_info[search_location_nbr].offset)%search_location_info[i].inc==0)
+ if(cur->inc == 0)
{
- search_location_info[i].offset=search_location_info[search_location_nbr].offset;
- return ;
+ if(cur->offset == src->offset)
+ {
+ cur->inc = src->inc;
+ return ;
+ }
+ }
+ else
+ {
+ if(cur->offset == src->offset &&
+ src->inc >= cur->inc && src->inc % cur->inc==0)
+ return ;
+ if(cur->inc==src->inc &&
+ cur->offset >= src->offset &&
+ (cur->offset - src->offset)%cur->inc==0)
+ {
+ cur->offset=src->offset;
+ return ;
+ }
+ if(cur->inc==src->inc &&
+ src->offset >= cur->offset &&
+ (src->offset - cur->offset)%cur->inc==0)
+ return ;
}
- if(search_location_info[i].inc==search_location_info[search_location_nbr].inc &&
- search_location_info[search_location_nbr].offset >= search_location_info[i].offset &&
- (search_location_info[search_location_nbr].offset - search_location_info[i].offset)%search_location_info[i].inc==0)
- return ;
}
if(search_location_nbr < SEARCH_LOCATION_MAX)
search_location_nbr++;
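Review bot: `src` is taken at index `search_location_nbr` and dereferenced on the next line without a bound check, while both `if(search_location_nbr < SEARCH_LOCATION_MAX) search_location_nbr++;` context paths let the counter reach `SEARCH_LOCATION_MAX`. If `search_location_info` is declared with `SEARCH_LOCATION_MAX` elements (the declaration is not in this hunk), a call made once the table is full reads one element past the array. A guard such as `if(search_location_nbr >= SEARCH_LOCATION_MAX) return ;` ahead of `if(src->inc==0)` would stop that read. The callers presumably fill that slot before calling, so the same bound should also be enforced where the entry is written. The closing brace of update_location() lies outside the hunk.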