firebird/firebird-mirror
firebird/firebird-mirror
8
0
Fork 1
mirror of https://github.com/FirebirdSQL/firebird.git synced 2025-01-24 15:23:03 +01:00
Code Issues

Avoid negative offsets in case of malformed network packet

Browse Source
This commit is contained in:
AlexPeshkoff 2020-10-29 18:36:51 +03:00
parent 5182ebc4aa
commit e293f86fad
1 changed files with 3 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/common/StatementMetadata.cpp
View File

@ -498,7 +498,7 @@ static int getNumericInfo(const UCHAR** ptr, const UCHAR* bufferEnd)
{ {
fb_assert(bufferEnd - *ptr >= 2); fb_assert(bufferEnd - *ptr >= 2);
const SSHORT len = static_cast<SSHORT>(gds__vax_integer(*ptr, 2)); const USHORT len = static_cast<USHORT>(gds__vax_integer(*ptr, 2));
*ptr += 2; *ptr += 2;
fb_assert(bufferEnd - *ptr >= len); fb_assert(bufferEnd - *ptr >= len);
@ -513,20 +513,13 @@ static void getStringInfo(const UCHAR** ptr, const UCHAR* bufferEnd, string* str
{ {
fb_assert(bufferEnd - *ptr >= 2); fb_assert(bufferEnd - *ptr >= 2);
const UCHAR* p = *ptr; const USHORT len = static_cast<USHORT>(gds__vax_integer(*ptr, 2));
SSHORT len = static_cast<SSHORT>(gds__vax_integer(p, 2));
*ptr += 2; *ptr += 2;
fb_assert(bufferEnd - *ptr >= len); fb_assert(bufferEnd - *ptr >= len);
// CVC: What else can we do here? str->assign(*ptr, len);
if (len < 0)
len = 0;
*ptr += len; *ptr += len;
p += 2;
str->assign(p, len);
} }