Show More
| @@ -225,7 +225,7 b' static struct flist *decode(char *bin, i' | |||
|
|
225 | 225 | { |
|
|
226 | 226 | struct flist *l; |
|
|
227 | 227 | struct frag *lt; |
|
|
228 | char *end = bin + len; | |
|
|
228 | char *data = bin + 12, *end = bin + len; | |
|
|
229 | 229 | char decode[12]; /* for dealing with alignment issues */ |
|
|
230 | 230 | |
|
|
231 | 231 | /* assume worst case size, we won't have many of these lists */ |
| @@ -235,13 +235,18 b' static struct flist *decode(char *bin, i' | |||
|
|
235 | 235 | |
|
|
236 | 236 | lt = l->tail; |
|
|
237 | 237 | |
|
|
238 |
while ( |
|
|
|
238 | while (data <= end) { | |
|
|
239 | 239 | memcpy(decode, bin, 12); |
|
|
240 | 240 | lt->start = ntohl(*(uint32_t *)decode); |
|
|
241 | 241 | lt->end = ntohl(*(uint32_t *)(decode + 4)); |
|
|
242 | 242 | lt->len = ntohl(*(uint32_t *)(decode + 8)); |
|
|
243 | lt->data = bin + 12; | |
|
|
244 | bin += 12 + lt->len; | |
|
|
243 | if (lt->start > lt->end) | |
|
|
244 | break; /* sanity check */ | |
|
|
245 | bin = data + lt->len; | |
|
|
246 | if (bin < data) | |
|
|
247 | break; /* big data + big (bogus) len can wrap around */ | |
|
|
248 | lt->data = data; | |
|
|
249 | data = bin + 12; | |
|
|
245 | 250 | lt++; |
|
|
246 | 251 | } |
|
|
247 | 252 | |
| @@ -371,20 +376,26 b' patchedsize(PyObject *self, PyObject *ar' | |||
|
|
371 | 376 | { |
|
|
372 | 377 | long orig, start, end, len, outlen = 0, last = 0; |
|
|
373 | 378 | int patchlen; |
|
|
374 | char *bin, *binend; | |
|
|
379 | char *bin, *binend, *data; | |
|
|
375 | 380 | char decode[12]; /* for dealing with alignment issues */ |
|
|
376 | 381 | |
|
|
377 | 382 | if (!PyArg_ParseTuple(args, "ls#", &orig, &bin, &patchlen)) |
|
|
378 | 383 | return NULL; |
|
|
379 | 384 | |
|
|
380 | 385 | binend = bin + patchlen; |
|
|
386 | data = bin + 12; | |
|
|
381 | 387 | |
|
|
382 |
while ( |
|
|
|
388 | while (data <= binend) { | |
|
|
383 | 389 | memcpy(decode, bin, 12); |
|
|
384 | 390 | start = ntohl(*(uint32_t *)decode); |
|
|
385 | 391 | end = ntohl(*(uint32_t *)(decode + 4)); |
|
|
386 | 392 | len = ntohl(*(uint32_t *)(decode + 8)); |
|
|
387 | bin += 12 + len; | |
|
|
393 | if (start > end) | |
|
|
394 | break; /* sanity check */ | |
|
|
395 | bin = data + len; | |
|
|
396 | if (bin < data) | |
|
|
397 | break; /* big data + big (bogus) len can wrap around */ | |
|
|
398 | data = bin + 12; | |
|
|
388 | 399 | outlen += start - last; |
|
|
389 | 400 | last = end; |
|
|
390 | 401 | outlen += len; |
General Comments 0
You need to be logged in to leave comments.
Login now