From 5e9d8f010202311e37b16ceac893802c25c424d2 Mon Sep 17 00:00:00 2001
From: Andy McFadden
Date: Mon, 3 Aug 2020 13:47:42 -0700
Subject: [PATCH] Fix crash in IsSCAssem

The test for "is this an S-C Assembler source file" tried to dereference a null pointer when asked to examine a file with a zero-length data fork. The test only fires for files with type=INT and auxType=0, so this is pretty hard to hit. The specific failing case had a damaged file with the appropriate file type.
Issue #42
---
 reformat/Asm.cpp | 6 +++++-
 reformat/Reformat.h | 4 ++--
 reformat/ReformatBase.h | 2 +-
 3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/reformat/Asm.cpp b/reformat/Asm.cpp
index b760a19..7ea5d1b 100644
--- a/reformat/Asm.cpp
+++ b/reformat/Asm.cpp
@@ -81,7 +81,11 @@ void ReformatSCAssem::Examine(ReformatHolder* pHolder)
 long srcLen = pHolder->GetSourceLen(ReformatHolder::kPartData);
 int len;
- len = *ptr;
+ if (srcLen < 1) {
+ return false;
+ }
+
+ len = *ptr; // get length byte
 if (len == 0 || len > srcLen)
 return false; // should return an error, really
 if (ptr[len-1] == 0x00) {
diff --git a/reformat/Reformat.h b/reformat/Reformat.h
index b90733e..0516abc 100644
--- a/reformat/Reformat.h
+++ b/reformat/Reformat.h
@@ -208,7 +208,7 @@ public:
 for (i = 0; i < kReformatMAX; i++)
 fApplies[part][i] = kApplicUnknown;
 fSourceBuf[part] = NULL;
- fSourceLen[part] = NULL;
+ fSourceLen[part] = 0;
 fErrorBuf[part] = NULL;
 }
 for (i = 0; i < kReformatMAX; i++) {
@@ -356,7 +356,7 @@ private:
 char* fNameExt; // guaranteed non-NULL
 /* input goes here */
- uint8_t* fSourceBuf[kPartMAX];
+ uint8_t* fSourceBuf[kPartMAX];
 long fSourceLen[kPartMAX];
 char* fErrorBuf[kPartMAX];
diff --git a/reformat/ReformatBase.h b/reformat/ReformatBase.h
index 4b92176..c40f85f 100644
--- a/reformat/ReformatBase.h
+++ b/reformat/ReformatBase.h
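Review bot: In reformat/Asm.cpp the added guard tests only `srcLen`, while the read it protects is `*ptr` and the commit message describes the crash as a null-pointer dereference; the fix holds only if the holder never pairs a NULL source buffer with a positive length, which cannot be confirmed from the lines shown. Because this test runs on file contents that may be damaged or deliberately malformed, checking both conditions is cheap: `if (ptr == NULL || srcLen < 1) return false;`. The function starts and ends outside the hunk, so `ptr`'s declaration and any reads after `ptr[len-1]` are not visible here; later accesses should be bounded against `srcLen` in the same way. A one-line comment on the guard stating why it exists, for example `// zero-length data fork: no buffer to examine`, would keep it from being removed as redundant later.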
@@ -139,7 +139,7 @@ private:
 /*
 * Abstract base class for reformatting a graphics file into a
- * device-independent bitmap..
+ * device-independent bitmap.
 */
 class ReformatGraphics: public Reformat {
 public: