fix: out-of-memory condition by corrupted save file

Don't allocate memory based on untrusted values read from a toxsave file.
sudden6 2022-02-21 12:31:21 +01:00
parent 12dbafbd18
commit fff2b1c4e7
No known key found for this signature in database
GPG Key ID: 279509B499E032B9


@ -3426,15 +3426,6 @@ static uint32_t load_group(Group_c *g, const Group_Chats *g_c, const uint8_t *da
lendian_bytes_to_host32(&g->numfrozen, data); lendian_bytes_to_host32(&g->numfrozen, data);
data += sizeof(uint32_t); data += sizeof(uint32_t);
if (g->numfrozen > 0) {
g->frozen = (Group_Peer *)calloc(g->numfrozen, sizeof(Group_Peer));
if (g->frozen == nullptr) {
// Memory allocation failure
return 0;
}
}
g->title_len = *data; g->title_len = *data;
if (g->title_len > MAX_NAME_LENGTH) { if (g->title_len > MAX_NAME_LENGTH) {
@ -3460,6 +3451,16 @@ static uint32_t load_group(Group_c *g, const Group_Chats *g_c, const uint8_t *da
return 0; return 0;
} }
// This is inefficient, but allows us to check data consistency before allocating memory
Group_Peer *tmp_frozen = (Group_Peer *)realloc(g->frozen, (j + 1) * sizeof(Group_Peer));
if (tmp_frozen == nullptr) {
// Memory allocation failure
return 0;
}
g->frozen = tmp_frozen;
Group_Peer *peer = &g->frozen[j]; Group_Peer *peer = &g->frozen[j];
memset(peer, 0, sizeof(Group_Peer)); memset(peer, 0, sizeof(Group_Peer));
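Review bot: On both `return 0;` paths in the loop (the consistency check and the new realloc failure), `g->numfrozen` still holds the count read from the save file while `g->frozen` has only been grown to `j` entries, or is still unallocated. If the caller or a cleanup path walks `numfrozen` entries after a failed load, which is not visible here, it would read past the allocation. Setting `g->numfrozen = j;` before each `return 0;`, or reading the count into a local and incrementing `g->numfrozen` as each peer is stored, keeps the two in step. `realloc(g->frozen, ...)` also now relies on `g->frozen` being null when load_group is entered, which the removed `calloc` did not, so a comment stating that precondition, such as `// g->frozen must be nullptr on entry`, would help. The loop header and the rest of load_group lie outside the hunk.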