From: Piotr Kosko/Native/Web API (PLT) /SRPOL/Engineer/Samsung Electronics
Date: Mon, 10 Feb 2020 12:22:35 +0000 (+0100)
Subject: [Filesystem] Fixing SVACE issue 423267
X-Git-Tag: accepted/tizen/unified/20200213.121556^2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=8b5cff6c0a2ed9b92b8172fb0ecdfb99f40db9f6;p=platform%2Fcore%2Fapi%2Fwebapi-plugins.git
[Filesystem] Fixing SVACE issue 423267
Preventing integer overflow during subtraction.
Change-Id: I5ea92045a0b3b12641cba8c05de914f71997dae9
---
diff --git a/src/filesystem/filesystem_instance.cc b/src/filesystem/filesystem_instance.cc
index ffea27a..0e71a14 100644
--- a/src/filesystem/filesystem_instance.cc
+++ b/src/filesystem/filesystem_instance.cc
@@ -335,13 +335,15 @@ static std::vector read_file(std::string path, long offset = 0,
}
};
- if (0 != offset && 0 != std::fseek(file, offset, SEEK_SET)) {
+ auto size = file_size(file);
+ if (offset < 0 || size <= (size_t)offset ||
+ (0 != offset && 0 != std::fseek(file, offset, SEEK_SET))) {
std::string err_msg = std::string("Cannot perform seek. ") + GetErrorString(errno);
throw std::system_error{errno, std::generic_category(), err_msg};
}
if (NPOS == length) {
- length = file_size(file) - offset;
+ length = size - offset;
}
return read_file(file, length);