From 9d3ed51005a5c73d6888f7f3b66bba21ed1b1f23 Mon Sep 17 00:00:00 2001
From: Andy McFadden
Date: Fri, 14 Mar 2003 17:30:16 +0000
Subject: [PATCH] Catch bad codes immediately.

---
 nufxlib-0/Lzw.c | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/nufxlib-0/Lzw.c b/nufxlib-0/Lzw.c
index 49dec17..519ddf7 100644
--- a/nufxlib-0/Lzw.c
+++ b/nufxlib-0/Lzw.c
@@ -1014,6 +1014,13 @@ Nu_ExpandLZW1(LZWExpandState* lzwState, uint expectedLen)
 /* handle KwKwK case */
 if (ptr >= entry) {
+ //DBUG_LZW(("### KwKwK (ptr=%d entry=%d)\n", ptr, entry));
+ if (ptr != entry) {
+ /* bad code -- this would make us read uninitialized data */
+ DBUG(("--- bad code (ptr=%d entry=%d)\n", ptr, entry));
+ err = kNuErrBadData;
+ return err;
+ }
 Nu_LZWPush((uchar)finalc);
 ptr = oldcode;
 }
@@ -1145,12 +1152,19 @@ clear_table:
 main_loop:
 while (outbuf < outbufend) {
 incode = ptr = Nu_LZWGetCode(&inbuf, entry, &atBit, &lastByte);
- /*DBUG_LZW(("### read incode=0x%04x\n", incode));*/
+ //DBUG_LZW(("### read incode=0x%04x\n", incode));
 if (incode == kNuLZWClearCode) /* table clear - 0x0100 */
 goto clear_table;
 /* handle KwKwK case */
 if (ptr >= entry) {
+ //DBUG_LZW(("### KwKwK (ptr=%d entry=%d)\n", ptr, entry));
+ if (ptr != entry) {
+ /* bad code -- this would make us read uninitialized data */
+ DBUG(("--- bad code (ptr=%d entry=%d)\n", ptr, entry));
+ err = kNuErrBadData;
+ return err;
+ }
 Nu_LZWPush((uchar)finalc);
 ptr = oldcode;
 }
@@ -1183,7 +1197,13 @@ main_loop:
 bail:
 /*DBUG_LZW(("### end of block\n"));*/
- Assert(inbuf == inbufend);
+ if (inbuf != inbufend) {
+ /* data was corrupted; if we keep going this will get worse */
+ DBUG(("--- inbuf != inbufend in ExpandLZW2 (diff=%d)\n",
+ inbufend - inbuf));
+ err = kNuErrBadData;
+ return err;
+ }
 Assert(outbuf == outbufend);
 /* adjust input buffer */
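Review bot: The disabled trace added at the top of the KwKwK branch uses a `//` line comment, which is not part of C89, while every other comment visible in this patch uses `/* */`; a compiler run in strict C89 mode will not accept it (whether the project targets such compilers is not visible here). The second hunk has the same line and also converts the existing `/*DBUG_LZW(("### read incode=0x%04x\n", incode));*/` to `//`, whereas the third hunk leaves `/*DBUG_LZW(("### end of block\n"));*/` in block form, so the file ends up with both styles. Keeping the block form in both places, `/*DBUG_LZW(("### KwKwK (ptr=%d entry=%d)\n", ptr, entry));*/`, avoids the portability question and the inconsistency. Nu_ExpandLZW1 and the second function both start and end outside their hunks.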
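Review bot: `Assert(outbuf == outbufend)` directly after the new check is still assertion-only, so if `Assert` compiles out in release builds (its definition is not visible here) an output pointer that ran past `outbufend` on corrupted input goes unreported, which is the same situation this hunk now handles for `inbuf`. Consider giving it the same treatment, `if (outbuf != outbufend) { err = kNuErrBadData; return err; }`. In the added debug print, `inbufend - inbuf` is a pointer difference (assuming both are pointers, as `&inbuf` being passed to `Nu_LZWGetCode` suggests) formatted with `%d`; casting it, `(int)(inbufend - inbuf)`, avoids a format mismatch on LP64 targets. Both checks run after the decode loop, so they detect an overrun rather than prevent it; the bounds applied inside `Nu_LZWGetCode` and the rest of the function are outside this hunk.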