summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/file_exe.c5
-rw-r--r--src/file_fits.c2
-rw-r--r--src/file_jpg.c2
-rw-r--r--src/file_mp3.c4
-rw-r--r--src/file_riff.c2
-rw-r--r--src/file_zip.c4
6 files changed, 13 insertions, 6 deletions
diff --git a/src/file_exe.c b/src/file_exe.c
index fab7e18..819cc69 100644
--- a/src/file_exe.c
+++ b/src/file_exe.c
@@ -119,7 +119,10 @@ static int header_check_exe(const unsigned char *buffer, const unsigned int buff
uint64_t sum=0;
const struct pe_image_section_hdr *pe_image_section=(const struct pe_image_section_hdr*)
((const unsigned char*)pe_hdr + sizeof(struct pe_image_file_hdr) + le16(pe_hdr->SizeOfOptionalHeader));
- for(i=0;i<le16(pe_hdr->NumberOfSections) && (const unsigned char*)pe_image_section < buffer+buffer_size;i++,pe_image_section++)
+ for(i=0;
+ i<le16(pe_hdr->NumberOfSections) &&
+ (const unsigned char*)(pe_image_section+1) <= buffer+buffer_size;
+ i++,pe_image_section++)
{
if(le32(pe_image_section->SizeOfRawData)>0)
{
diff --git a/src/file_fits.c b/src/file_fits.c
index a82e438..606772f 100644
--- a/src/file_fits.c
+++ b/src/file_fits.c
@@ -71,7 +71,7 @@ static uint64_t fits_info(const unsigned char *buffer, const unsigned int buffer
uint64_t naxis_size=1;
unsigned int i=*i_pointer;
/* Header is composed of 80 character fixed-length strings */
- for(; i<buffer_size &&
+ for(; i+80 < buffer_size &&
memcmp(&buffer[i], "END ", 4)!=0;
i+=80)
{
diff --git a/src/file_jpg.c b/src/file_jpg.c
index 261be27..8c8ae08 100644
--- a/src/file_jpg.c
+++ b/src/file_jpg.c
@@ -1349,7 +1349,7 @@ static int jpg_check_dht(const unsigned char *buffer, const unsigned int buffer_
return 2;
j++;
for(l=0; l < 16; l++)
- if(j < buffer_size)
+ if(j+l < buffer_size)
sum+=buffer[j+l];
if(sum>255)
return 2;
diff --git a/src/file_mp3.c b/src/file_mp3.c
index cddcbb0..9cde947 100644
--- a/src/file_mp3.c
+++ b/src/file_mp3.c
@@ -367,7 +367,9 @@ static data_check_t data_check_mp3(const unsigned char *buffer, const unsigned i
static unsigned int pos_in_mem(const unsigned char *haystack, const unsigned int haystack_size, const unsigned char *needle, const unsigned int needle_size)
{
unsigned int i;
- for(i=0;i<haystack_size;i++)
+ if(haystack_size < needle_size)
+ return 0;
+ for(i=0; i <= haystack_size - needle_size; i++)
if(memcmp(&haystack[i],needle,needle_size)==0)
return (i+needle_size);
return 0;
diff --git a/src/file_riff.c b/src/file_riff.c
index f6cc5ca..dedc297 100644
--- a/src/file_riff.c
+++ b/src/file_riff.c
@@ -259,7 +259,7 @@ static int header_check_riff(const unsigned char *buffer, const unsigned int buf
reset_file_recovery(file_recovery_new);
file_recovery_new->extension="avi";
/* Is it a raw avi stream with Data Binary chunks ? */
- if(size + 4 < buffer_size &&
+ if(size < buffer_size - 4 &&
memcmp(&buffer[size - sizeof(list_movi)], &list_movi, sizeof(list_movi)) ==0 &&
buffer[size+2]=='d' &&
buffer[size+3]=='b')
diff --git a/src/file_zip.c b/src/file_zip.c
index 68f2431..a9dfe92 100644
--- a/src/file_zip.c
+++ b/src/file_zip.c
@@ -880,7 +880,9 @@ static int header_check_winzip(const unsigned char *buffer, const unsigned int b
static unsigned int pos_in_mem(const unsigned char *haystack, const unsigned int haystack_size, const unsigned char *needle, const unsigned int needle_size)
{
unsigned int i;
- for(i=0;i<haystack_size;i++)
+ if(haystack_size < needle_size)
+ return 0;
+ for(i=0; i <= haystack_size - needle_size; i++)
if(memcmp(&haystack[i],needle,needle_size)==0)
return (i+needle_size);
return 0;