Fix potential out of bounds read.

The check was only done when not memory mapped, so there was a potential
out of bounds read. In addition the check only printed an error, and
didn't return and went ahead with the erroneous read.

The 'loc' variable is indirectly read from the file, so in case the
history file is corrupted this could potentially lead to a crash.

Found by Coverity.

REVIEW: 128153
wilder-portage
Martin T. H. Sandsmark 10 years ago
parent 947342e333
commit c026b0e4b1
  1. 7
      src/History.cpp

@ -158,14 +158,17 @@ void HistoryFile::get(unsigned char* buffer, int size, int loc)
if (!_fileMap && _readWriteBalance < MAP_THRESHOLD)
map();
if (loc < 0 || size < 0 || loc + size > _length) {
fprintf(stderr, "getHist(...,%d,%d): invalid args.\n", size, loc);
return;
}
if (_fileMap) {
for (int i = 0; i < size; i++)
buffer[i] = _fileMap[loc + i];
} else {
int rc = 0;
if (loc < 0 || size < 0 || loc + size > _length)
fprintf(stderr, "getHist(...,%d,%d): invalid args.\n", size, loc);
rc = QT_LSEEK(_fd, loc, SEEK_SET);
if (rc < 0) {
perror("HistoryFile::get.seek");
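Review bot: The bounds check that now precedes the `_fileMap` branch, `loc + size > _length`, adds two `int` values (per the `get(unsigned char* buffer, int size, int loc)` signature) before comparing. With a `loc` taken from a corrupted history file the sum can overflow, which is undefined behaviour for signed int and may let the check pass. Consider a form without the addition, placed after the `loc < 0 || size < 0` tests, such as `loc > _length || size > _length - loc`. Separately, the early `return` leaves `buffer` unwritten and `get` returns void, so a caller cannot tell the read was rejected and will go on to use whatever the buffer previously held. Zero-filling the buffer before returning, or returning a status, would close that gap.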
