From 21ee0e79e90c3cf63613bc1a00a609cfaf1777b2 Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Sun, 17 Apr 2016 16:36:32 +0200 Subject: isofs: make superblock detection more robust * isofs/isofs.h (disk_image_len): New variable. * isofs/main.c (read_sblock): Avoid out of bounds access. * isofs/pager.c (disk_image_len): New variable. (create_disk_pager): Initialize 'disk_image_len'. --- isofs/main.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) (limited to 'isofs/main.c') diff --git a/isofs/main.c b/isofs/main.c index 95c90fe8..c07cf3ff 100644 --- a/isofs/main.c +++ b/isofs/main.c @@ -72,17 +72,13 @@ static void read_sblock () { struct voldesc *vd; - error_t err; struct sblock * volatile sb = 0; - err = diskfs_catch_exception (); - if (err) - error (4, err, "reading superblock"); - /* Start at logical sector 16 and keep going until we find a matching superblock */ for (vd = disk_image + (logical_sector_size * 16); - (void *) vd < disk_image + (logical_sector_size * 500); /* for sanity */ + (void *) vd < disk_image + (logical_sector_size * 500) /* for sanity */ + && (void *) vd + logical_sector_size < disk_image + disk_image_len; vd = (void *) vd + logical_sector_size) { if (vd->type == VOLDESC_END) @@ -105,7 +101,6 @@ read_sblock () if (!sblock) error (1, errno, "Could not allocate memory for superblock"); memcpy (sblock, sb, sizeof (struct sblock)); - diskfs_end_catch_exception (); /* Parse some important bits of this */ logical_block_size = isonum_723 (sblock->blksize); -- cgit v1.2.3