Browse code
bb11601 - check array boundaries in unrarvm rarvm_getbits().
Steven Morgan authored on 2016/07/14 03:27:10Showing 1 changed files
| ... | ... |
@@ -215,12 +215,15 @@ unsigned int rarvm_getbits(rarvm_input_t *rarvm_input) |
| 215 | 215 |
{
|
| 216 | 216 |
unsigned int bit_field; |
| 217 | 217 |
|
| 218 |
- bit_field = (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr] << 16; |
|
| 219 |
- bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+1] << 8; |
|
| 220 |
- bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+2]; |
|
| 221 |
- bit_field >>= (8-rarvm_input->in_bit); |
|
| 218 |
+ if (rarvm_input->in_addr+2 < rarvm_input->buf_size) {
|
|
| 219 |
+ bit_field = (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr] << 16; |
|
| 220 |
+ bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+1] << 8; |
|
| 221 |
+ bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+2]; |
|
| 222 |
+ bit_field >>= (8-rarvm_input->in_bit); |
|
| 222 | 223 |
|
| 223 |
- return (bit_field & 0xffff); |
|
| 224 |
+ return (bit_field & 0xffff); |
|
| 225 |
+ } |
|
| 226 |
+ return 0; |
|
| 224 | 227 |
} |
| 225 | 228 |
|
| 226 | 229 |
unsigned int rarvm_read_data(rarvm_input_t *rarvm_input) |