From: cedric
Date: Mon, 16 Jul 2012 10:38:37 +0000 (+0000)
Subject: eet: detect overrun and underrun before everything goes wrong.
X-Git-Tag: submit/2.0alpha-wayland/20121127.222001~34
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=00525700bf2da65bcfa5ed251e0078edfd36b41d;p=profile%2Fivi%2Feet.git
eet: detect overrun and underrun before everything goes wrong.
git-svn-id: http://svn.enlightenment.org/svn/e/trunk/eet@73919 7cbeb6ba-43b4-40fd-8cce-4c39aea84d33
---
diff --git a/ChangeLog b/ChangeLog
index 94a51eb..18d8ff2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -602,3 +602,7 @@ 2012-06-27 Leandro Santiago * Fix crash when cyphering huge amount of data.
+
+2012-07-16 Cedric Bail
+
+ * Add code to detect overrun and underrun in eet_data_descriptor_element_add.
diff --git a/NEWS b/NEWS
index 9506fad..6a08a57 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,9 @@ Eet 1.7.0 Changes since Eet 1.6.0: --------------------------
+Additions:
+ * Add code to detect overrun and underrun during Eet Data Descriptor setup.
+
 Fixes: * Force destruction of all pending file when shuting down eet. * Make eet_dictionary thread safe.
diff --git a/src/lib/eet_data.c b/src/lib/eet_data.c
index c5ae621..1eb822a 100644
--- a/src/lib/eet_data.c
+++ b/src/lib/eet_data.c
@@ -1946,6 +1946,37 @@ eet_data_descriptor_element_add(Eet_Data_Descriptor *edd,
 Eet_Data_Element *ede;
 Eet_Data_Element *tmp;
+ /* Sanity check to avoid crash later at runtime */
+ if (type < EET_T_UNKNOW ||
+ type >= EET_T_LAST)
+ {
+ CRIT("Preventing later bug due to unknow type: %i", type);
+ return ;
+ }
+ if (offset < 0)
+ {
+ CRIT("Preventing later buffer underrun : offset = %i", offset);
+ return ;
+ }
+ if (offset > edd->size)
+ {
+ CRIT("Preventing later buffer overrun : offset = %i in a structure of %i bytes", offset, edd->size);
+ return ;
+ }
+ if (group_type == EET_G_UNKNOWN && type != EET_T_UNKNOW)
+ {
+ if (offset + eet_basic_codec[type - 1].size > edd->size)
+ {
+ CRIT("Preventing later buffer overrun : offset = %i, size = %i in a structure of %i bytes", offset, eet_basic_codec[type - 1].size, edd->size);
+ return ;
+ }
+ }
+ else if ((offset + sizeof (void*)) > (unsigned int) edd->size)
+ {
+ CRIT("Preventing later buffer overrun : offset = %i, estimated size = %i in a structure of %i bytes", offset, sizeof (void*), edd->size);
+ return ;
+ }
+
 /* UNION, VARIANT type would not work with simple type, we need a way to map the type. */
 if ((group_type == EET_G_UNION || group_type == EET_G_VARIANT)
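Review bot: The last `CRIT` call in the added block passes `sizeof (void*)`, a `size_t`, to a `%i` conversion. Assuming `CRIT` forwards to a printf-style formatter, that is a format/argument mismatch and undefined behaviour where `size_t` is wider than `int`; the conversion should be `estimated size = %zu`, or the argument cast with `(int) sizeof (void*)`. The `else` branch also applies the pointer-size estimate to every non-basic group type. If any group type stores its data inline in the structure rather than behind a pointer, the check can reject a valid trailing member or accept an oversized one, so this is worth confirming against the group types the function accepts. Every rejection is a bare `return ;` from a void function, so a caller learns of a dropped element only from the log; a sentence such as `/* On a failed sanity check the element is not added and only a critical log is emitted. */` above the block would document that. The body of `eet_data_descriptor_element_add` starts and ends outside the hunk.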