summaryrefslogtreecommitdiff
path: root/src/lib/eet_data.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/eet_data.c')
-rw-r--r--src/lib/eet_data.c31
1 files changed, 31 insertions, 0 deletions
diff --git a/src/lib/eet_data.c b/src/lib/eet_data.c
index c5ae621..1eb822a 100644
--- a/src/lib/eet_data.c
+++ b/src/lib/eet_data.c
@@ -1946,6 +1946,37 @@ eet_data_descriptor_element_add(Eet_Data_Descriptor *edd,
Eet_Data_Element *ede;
Eet_Data_Element *tmp;
+ /* Sanity check to avoid crash later at runtime */
+ if (type < EET_T_UNKNOW ||
+ type >= EET_T_LAST)
+ {
+ CRIT("Preventing later bug due to unknow type: %i", type);
+ return ;
+ }
+ if (offset < 0)
+ {
+ CRIT("Preventing later buffer underrun : offset = %i", offset);
+ return ;
+ }
+ if (offset > edd->size)
+ {
+ CRIT("Preventing later buffer overrun : offset = %i in a structure of %i bytes", offset, edd->size);
+ return ;
+ }
+ if (group_type == EET_G_UNKNOWN && type != EET_T_UNKNOW)
+ {
+ if (offset + eet_basic_codec[type - 1].size > edd->size)
+ {
+ CRIT("Preventing later buffer overrun : offset = %i, size = %i in a structure of %i bytes", offset, eet_basic_codec[type - 1].size, edd->size);
+ return ;
+ }
+ }
+ else if ((offset + sizeof (void*)) > (unsigned int) edd->size)
+ {
+ CRIT("Preventing later buffer overrun : offset = %i, estimated size = %i in a structure of %i bytes", offset, sizeof (void*), edd->size);
+ return ;
+ }
+
/* UNION, VARIANT type would not work with simple type, we need a way to map the type. */
if ((group_type == EET_G_UNION
|| group_type == EET_G_VARIANT)
View Lorry Controller Status