summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorChristophe Grenier <grenier@cgsecurity.org>2017-09-12 13:16:15 +0200
committerChristophe Grenier <grenier@cgsecurity.org>2017-09-12 13:16:15 +0200
commitb75c2fca2a39cea956efff127c345c00e99486f0 (patch)
treede23d458cffe11c9568621c64b4815291fe3f0ba /src
parent65543b032a3f3978f46add944c050d30e2d1a400 (diff)
PhotoRec: avoid potential endless loops
Diffstat (limited to 'src')
-rw-r--r--src/file_abr.c4
-rw-r--r--src/file_ace.c2
-rw-r--r--src/file_bld.c8
-rw-r--r--src/file_caf.c2
-rw-r--r--src/file_flac.c2
-rw-r--r--src/file_flv.c3
-rw-r--r--src/file_fs.c2
-rw-r--r--src/file_jpg.c6
-rw-r--r--src/file_mid.c4
-rw-r--r--src/file_mxf.c10
-rw-r--r--src/file_oci.c2
-rw-r--r--src/file_png.c10
-rw-r--r--src/file_riff.c6
-rw-r--r--src/file_wv.c2
-rw-r--r--src/file_xm.c4
15 files changed, 34 insertions, 33 deletions
diff --git a/src/file_abr.c b/src/file_abr.c
index e95f299..a21d4bf 100644
--- a/src/file_abr.c
+++ b/src/file_abr.c
@@ -57,7 +57,7 @@ static data_check_t data_check_abr(const unsigned char *buffer, const unsigned i
const struct abr_header *hdr=(const struct abr_header*)&buffer[i];
if(memcmp(hdr->magic, "8BIM", 4)!=0)
return DC_STOP;
- file_recovery->calculated_file_size+=be32(hdr->size)+12;
+ file_recovery->calculated_file_size+=(uint64_t)12 + be32(hdr->size);
}
return DC_CONTINUE;
}
@@ -71,7 +71,7 @@ static int header_check_abr(const unsigned char *buffer, const unsigned int buff
const struct abr_header *h=(const struct abr_header*)&buffer[i];
if(memcmp(h->magic, "8BIM", 4)!=0)
return 0;
- i+=be32(h->size)+12;
+ i+=(uint64_t)12 + be32(h->size);
}
reset_file_recovery(file_recovery_new);
file_recovery_new->extension=file_hint_abr.extension;
diff --git a/src/file_ace.c b/src/file_ace.c
index 337155a..582e6ca 100644
--- a/src/file_ace.c
+++ b/src/file_ace.c
@@ -155,7 +155,7 @@ static void file_check_ace(file_recovery_t *file_recovery)
}
/* Add its header size */
- file_recovery->file_size += 2U + 2 + le16(h.size); /* +2: CRC16, +2: size */
+ file_recovery->file_size += (uint64_t)4 + le16(h.size); /* +2: CRC16, +2: size */
/* If addsize flag, add complementary size */
if (le16(h.flags)&1)
{
diff --git a/src/file_bld.c b/src/file_bld.c
index 6ccf74c..3fc5b26 100644
--- a/src/file_bld.c
+++ b/src/file_bld.c
@@ -63,7 +63,7 @@ static data_check_t data_check_blend4le(const unsigned char *buffer, const unsig
file_recovery->calculated_file_size+=0x14;
return DC_STOP;
}
- file_recovery->calculated_file_size+=0x14+len;
+ file_recovery->calculated_file_size+=(uint64_t)0x14+len;
}
return DC_CONTINUE;
}
@@ -86,7 +86,7 @@ static data_check_t data_check_blend8le(const unsigned char *buffer, const unsig
file_recovery->calculated_file_size+=0x18;
return DC_STOP;
}
- file_recovery->calculated_file_size+=0x18+len;
+ file_recovery->calculated_file_size+=(uint64_t)0x18+len;
}
return DC_CONTINUE;
}
@@ -109,7 +109,7 @@ static data_check_t data_check_blend4be(const unsigned char *buffer, const unsig
file_recovery->calculated_file_size+=0x14;
return DC_STOP;
}
- file_recovery->calculated_file_size+=0x14+len;
+ file_recovery->calculated_file_size+=(uint64_t)0x14+len;
}
return DC_CONTINUE;
}
@@ -132,7 +132,7 @@ static data_check_t data_check_blend8be(const unsigned char *buffer, const unsig
file_recovery->calculated_file_size+=0x18;
return DC_STOP;
}
- file_recovery->calculated_file_size+=0x18+len;
+ file_recovery->calculated_file_size+=(uint64_t)0x18+len;
}
return DC_CONTINUE;
}
diff --git a/src/file_caf.c b/src/file_caf.c
index c43f220..521a0b9 100644
--- a/src/file_caf.c
+++ b/src/file_caf.c
@@ -78,7 +78,7 @@ static data_check_t data_check_caf(const unsigned char *buffer, const unsigned i
}
if(chunk_size >= 0)
{
- file_recovery->calculated_file_size+=12+chunk_size;
+ file_recovery->calculated_file_size+=(uint64_t)12+chunk_size;
}
else
{
diff --git a/src/file_flac.c b/src/file_flac.c
index 7727335..2a3a863 100644
--- a/src/file_flac.c
+++ b/src/file_flac.c
@@ -65,7 +65,7 @@ static data_check_t data_check_flac_metadata(const unsigned char *buffer, const
#endif
if((buffer[i]&0x7f)==0x7f)
return DC_ERROR;
- file_recovery->calculated_file_size+=4+size;
+ file_recovery->calculated_file_size+=(uint64_t)4+size;
if((buffer[i]&0x80)==0x80)
{
file_recovery->data_check=&data_check_flac_frame;
diff --git a/src/file_flv.c b/src/file_flv.c
index 3e86c87..1adf12a 100644
--- a/src/file_flv.c
+++ b/src/file_flv.c
@@ -82,7 +82,8 @@ static data_check_t data_check_flv(const unsigned char *buffer, const unsigned i
file_recovery->calculated_file_size+=4;
return DC_STOP;
}
- file_recovery->calculated_file_size+=4+11+datasize;
+ /* 4+11=15*/
+ file_recovery->calculated_file_size+=(uint64_t)15+datasize;
}
else
return DC_ERROR;
diff --git a/src/file_fs.c b/src/file_fs.c
index f9c6cbb..c8aa99f 100644
--- a/src/file_fs.c
+++ b/src/file_fs.c
@@ -71,7 +71,7 @@ static data_check_t data_check_fs(const unsigned char *buffer, const unsigned in
#ifdef DEBUG_FS
log_info("0x%08llx len=%llu status=%c\n", (long long unsigned)file_recovery->calculated_file_size, (long long unsigned)len, hdr->status);
#endif
- file_recovery->calculated_file_size+=len+8;
+ file_recovery->calculated_file_size+=(uint64_t)8+len;
#ifdef DEBUG_FS
log_info("0x%08llx\n", (long long unsigned)file_recovery->calculated_file_size);
#endif
diff --git a/src/file_jpg.c b/src/file_jpg.c
index b596cd2..e7da1b5 100644
--- a/src/file_jpg.c
+++ b/src/file_jpg.c
@@ -299,7 +299,7 @@ static void file_check_mpo(file_recovery_t *fr)
}
do
{
- offset+=2+size;
+ offset+=(uint64_t)2+size;
if(my_fseek(fr->handle, offset, SEEK_SET) < 0)
{
fr->file_size=0;
@@ -1481,7 +1481,7 @@ static uint64_t jpg_check_structure(file_recovery_t *file_recovery, const unsign
#ifdef DEBUG_JPEG
log_info("%s marker 0x%02x at 0x%x\n", file_recovery->filename, buffer[i+1], i);
#endif
- offset+=2+size;
+ offset+=(uint64_t)2+size;
if(buffer[i+1]==0xda) /* SOS: Start Of Scan */
{
file_recovery->offset_ok=i+1;
@@ -1813,7 +1813,7 @@ data_check_t data_check_jpg(const unsigned char *buffer, const unsigned int buff
(long long unsigned)file_recovery->calculated_file_size,
(long long unsigned)file_recovery->calculated_file_size+2+size);
#endif
- file_recovery->calculated_file_size+=2+size;
+ file_recovery->calculated_file_size+=(uint64_t)2+size;
if(buffer[i+1]==0xc0) /* SOF0 */
{
if(jpg_check_sof0(buffer, buffer_size, i)!=0)
diff --git a/src/file_mid.c b/src/file_mid.c
index 06d82de..c7f8255 100644
--- a/src/file_mid.c
+++ b/src/file_mid.c
@@ -76,7 +76,7 @@ static void file_check_midi(file_recovery_t *file_recovery)
fread(&track, 8, 1, file_recovery->handle) != 1 ||
memcmp(&track.magic[0], "MTrk", 4)!=0)
return ;
- fs+=8+be32(track.len);
+ fs+=(uint64_t)8+be32(track.len);
}
if(fs_org < fs)
return ;
@@ -96,7 +96,7 @@ static data_check_t data_check_midi(const unsigned char *buffer, const unsigned
#endif
if(memcmp(&hdr->magic[0], "MTrk", 4)!=0)
return DC_STOP;
- file_recovery->calculated_file_size+=len+8;
+ file_recovery->calculated_file_size+=(uint64_t)8+len;
}
return DC_CONTINUE;
}
diff --git a/src/file_mxf.c b/src/file_mxf.c
index 07c7364..d6715bb 100644
--- a/src/file_mxf.c
+++ b/src/file_mxf.c
@@ -81,22 +81,22 @@ static data_check_t data_check_mxf(const unsigned char *buffer, const unsigned i
switch(buffer[i+0x10])
{
case 0x81:
- file_recovery->calculated_file_size+=0x14+buffer[i+0x11];
+ file_recovery->calculated_file_size+=(uint64_t)0x14+buffer[i+0x11];
break;
case 0x82:
- file_recovery->calculated_file_size+=0x14+(buffer[i+0x11]<<8)+buffer[i+0x12];
+ file_recovery->calculated_file_size+=(uint64_t)0x14+(buffer[i+0x11]<<8)+buffer[i+0x12];
break;
case 0x83:
- file_recovery->calculated_file_size+=0x14+(buffer[i+0x11]<<16)+(buffer[i+0x12]<<8)+buffer[i+0x13];
+ file_recovery->calculated_file_size+=(uint64_t)0x14+(buffer[i+0x11]<<16)+(buffer[i+0x12]<<8)+buffer[i+0x13];
break;
case 0x84:
{
const uint32_t *p32=(const uint32_t*)&buffer[i+0x11];
- file_recovery->calculated_file_size+=0x14 + le32(*p32);
+ file_recovery->calculated_file_size+=(uint64_t)0x14 + le32(*p32);
}
break;
default:
- file_recovery->calculated_file_size+=0x14+buffer[i+0x10];
+ file_recovery->calculated_file_size+=(uint64_t)0x14+buffer[i+0x10];
break;
}
}
diff --git a/src/file_oci.c b/src/file_oci.c
index b033108..94145aa 100644
--- a/src/file_oci.c
+++ b/src/file_oci.c
@@ -69,7 +69,7 @@ static data_check_t data_check_oci(const unsigned char *buffer, const unsigned i
(buffer[i+2]>='A' && buffer[i+2]<='Z') &&
(buffer[i+3]>='A' && buffer[i+3]<='Z'))
{
- file_recovery->calculated_file_size+=atom_size+8;
+ file_recovery->calculated_file_size+=(uint64_t)8+atom_size;
}
else
{
diff --git a/src/file_png.c b/src/file_png.c
index e79f4cd..31b8a69 100644
--- a/src/file_png.c
+++ b/src/file_png.c
@@ -115,7 +115,7 @@ static void file_check_png(file_recovery_t *fr)
fr->file_size=0;
return ;
}
- fr->file_size+=12 + be32(chunk->length);
+ fr->file_size+=(uint64_t)12 + be32(chunk->length);
if(memcmp(&buffer[4], "IEND", 4)==0)
return ;
}
@@ -156,7 +156,7 @@ static data_check_t data_check_mng(const unsigned char *buffer, const unsigned i
const struct png_chunk *chunk=(const struct png_chunk *)&buffer[i];
if(memcmp(&buffer[i+4], mng_footer, sizeof(mng_footer))==0)
{
- file_recovery->calculated_file_size+=12 + be32(chunk->length);
+ file_recovery->calculated_file_size+=(uint64_t)12 + be32(chunk->length);
return DC_STOP;
}
if( !((isupper(buffer[i+4]) || islower(buffer[i+4])) &&
@@ -168,7 +168,7 @@ static data_check_t data_check_mng(const unsigned char *buffer, const unsigned i
return DC_ERROR;
}
file_recovery->offset_ok=file_recovery->calculated_file_size+7;
- file_recovery->calculated_file_size+=12 + be32(chunk->length);
+ file_recovery->calculated_file_size+=(uint64_t)12 + be32(chunk->length);
}
return DC_CONTINUE;
}
@@ -182,7 +182,7 @@ static data_check_t data_check_png(const unsigned char *buffer, const unsigned i
const struct png_chunk *chunk=(const struct png_chunk *)&buffer[i];
if(memcmp(&buffer[i+4], "IEND", 4)==0)
{
- file_recovery->calculated_file_size+=12 + be32(chunk->length);
+ file_recovery->calculated_file_size+=(uint64_t)12 + be32(chunk->length);
return DC_STOP;
}
// PNG chunk code
@@ -197,7 +197,7 @@ static data_check_t data_check_png(const unsigned char *buffer, const unsigned i
return DC_ERROR;
}
file_recovery->offset_ok=file_recovery->calculated_file_size+7;
- file_recovery->calculated_file_size+=12 + be32(chunk->length);
+ file_recovery->calculated_file_size+=(uint64_t)12 + be32(chunk->length);
}
return DC_CONTINUE;
}
diff --git a/src/file_riff.c b/src/file_riff.c
index d029431..e0b68bd 100644
--- a/src/file_riff.c
+++ b/src/file_riff.c
@@ -127,7 +127,7 @@ static void check_riff_list(file_recovery_t *fr, const unsigned int depth, const
log_riff_chunk(file_size, depth, &list_header);
#endif
}
- file_size += 8 + le32(list_header.dwSize);
+ file_size += (uint64_t)8 + le32(list_header.dwSize);
/* align to word boundary */
file_size += (file_size&1);
}
@@ -178,7 +178,7 @@ static data_check_t data_check_avi(const unsigned char *buffer, const unsigned i
const unsigned int i=file_recovery->calculated_file_size - file_recovery->file_size + buffer_size/2;
const riff_chunk_header *chunk_header=(const riff_chunk_header*)&buffer[i];
if(memcmp(&buffer[i], "RIFF", 4)==0 && memcmp(&buffer[i+8], "AVIX", 4)==0)
- file_recovery->calculated_file_size += 8 + le32(chunk_header->dwSize);
+ file_recovery->calculated_file_size += (uint64_t)8 + le32(chunk_header->dwSize);
else
return DC_STOP;
}
@@ -199,7 +199,7 @@ data_check_t data_check_avi_stream(const unsigned char *buffer, const unsigned i
#endif
return DC_STOP;
}
- file_recovery->calculated_file_size += 8 + le32(chunk_header->dwSize);
+ file_recovery->calculated_file_size += (uint64_t)8 + le32(chunk_header->dwSize);
#ifdef DEBUG_RIFF
log_info("data_check_avi_stream %llu\n", (long long unsigned)file_recovery->calculated_file_size);
#endif
diff --git a/src/file_wv.c b/src/file_wv.c
index 63b60eb..a061cff 100644
--- a/src/file_wv.c
+++ b/src/file_wv.c
@@ -89,7 +89,7 @@ static data_check_t data_check_wv(const unsigned char *buffer, const unsigned in
const WavpackHeader *wv=(const WavpackHeader*)&buffer[i];
if(memcmp(wv, wv_header, sizeof(wv_header))==0)
{
- file_recovery->calculated_file_size+=le32(wv->ckSize)+8;
+ file_recovery->calculated_file_size+=(uint64_t)8+le32(wv->ckSize);
}
else if(buffer[i]=='A' && buffer[i+1]=='P' && buffer[i+2]=='E' && buffer[i+3]=='T' && buffer[i+4]=='A' && buffer[i+5]=='G' && buffer[i+6]=='E' && buffer[i+7]=='X')
{ /* APE Tagv2 (APE Tagv1 has no header) http://wiki.hydrogenaudio.org/index.php?title=APE_Tags_Header */
diff --git a/src/file_xm.c b/src/file_xm.c
index cab9b96..8a32d96 100644
--- a/src/file_xm.c
+++ b/src/file_xm.c
@@ -71,7 +71,7 @@ static int parse_patterns(file_recovery_t *fr, uint16_t patterns)
if (fseek(fr->handle, data_size, SEEK_CUR) == -1)
return -1;
- fr->file_size += header_size+data_size;
+ fr->file_size += (uint64_t)header_size+data_size;
}
return 0;
}
@@ -130,7 +130,7 @@ static int parse_instruments(file_recovery_t *fr, uint16_t instrs)
if (fseek(fr->handle, 36+size, SEEK_CUR) == -1)
return -1;
- fr->file_size += 40+size;
+ fr->file_size += (uint64_t)40+size;
}
}
/* No sample, account for garbage */