mirror/tesseract
1
0
Fork 0
mirror of https://github.com/tesseract-ocr/tesseract.git synced 2024-12-05 02:47:00 +08:00
Code Issues Actions 9 Packages Projects Releases Wiki Activity

Fix CID 1164702 (Untrusted value as argument)

Browse Source 
Signed-off-by: Stefan Weil <sw@weilnetz.de>
This commit is contained in:
Stefan Weil 2018-07-06 14:54:37 +02:00
parent c1da5fbac4
commit 992031e824
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/ccutil/genericvector.h
View File

@ -945,9 +945,11 @@ bool GenericVector<T>::Serialize(tesseract::TFile* fp) const {
// If swap is true, assumes a big/little-endian swap is needed. // If swap is true, assumes a big/little-endian swap is needed.
template <typename T> template <typename T>
bool GenericVector<T>::DeSerialize(bool swap, FILE* fp) { bool GenericVector<T>::DeSerialize(bool swap, FILE* fp) {
int32_t reserved; uint32_t reserved;
if (fread(&reserved, sizeof(reserved), 1, fp) != 1) return false; if (fread(&reserved, sizeof(reserved), 1, fp) != 1) return false;
if (swap) Reverse32(&reserved); if (swap) Reverse32(&reserved);
// Arbitrarily limit the number of elements to protect against bad data.
if (reserved > UINT16_MAX) return false;
reserve(reserved); reserve(reserved);
size_used_ = reserved; size_used_ = reserved;
if (fread(data_, sizeof(T), size_used_, fp) != unsigned_size()) return false; if (fread(data_, sizeof(T), size_used_, fp) != unsigned_size()) return false;
@ -959,15 +961,17 @@ bool GenericVector<T>::DeSerialize(bool swap, FILE* fp) {
} }
template <typename T> template <typename T>
bool GenericVector<T>::DeSerialize(tesseract::TFile* fp) { bool GenericVector<T>::DeSerialize(tesseract::TFile* fp) {
int32_t reserved; uint32_t reserved;
if (fp->FReadEndian(&reserved, sizeof(reserved), 1) != 1) return false; if (fp->FReadEndian(&reserved, sizeof(reserved), 1) != 1) return false;
// Arbitrarily limit the number of elements to protect against bad data.
if (reserved > UINT16_MAX) return false;
reserve(reserved); reserve(reserved);
size_used_ = reserved; size_used_ = reserved;
return fp->FReadEndian(data_, sizeof(T), size_used_) == size_used_; return fp->FReadEndian(data_, sizeof(T), size_used_) == size_used_;
} }
template <typename T> template <typename T>
bool GenericVector<T>::SkipDeSerialize(tesseract::TFile* fp) { bool GenericVector<T>::SkipDeSerialize(tesseract::TFile* fp) {
int32_t reserved; uint32_t reserved;
if (fp->FReadEndian(&reserved, sizeof(reserved), 1) != 1) return false; if (fp->FReadEndian(&reserved, sizeof(reserved), 1) != 1) return false;
return fp->FRead(nullptr, sizeof(T), reserved) == reserved; return fp->FRead(nullptr, sizeof(T), reserved) == reserved;
} }