From 8b5cff6c0a2ed9b92b8172fb0ecdfb99f40db9f6 Mon Sep 17 00:00:00 2001
From: "Piotr Kosko/Native/Web API (PLT) /SRPOL/Engineer/Samsung Electronics"
Date: Mon, 10 Feb 2020 13:22:35 +0100
Subject: [PATCH] [Filesystem] Fixing SVACE issue 423267
Preventing integer overflow during subtraction.
Change-Id: I5ea92045a0b3b12641cba8c05de914f71997dae9
---
src/filesystem/filesystem_instance.cc | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/filesystem/filesystem_instance.cc b/src/filesystem/filesystem_instance.cc
index ffea27a..0e71a14 100644
--- a/src/filesystem/filesystem_instance.cc
+++ b/src/filesystem/filesystem_instance.cc
@@ -335,13 +335,15 @@ static std::vector read_file(std::string path, long offset = 0,
}
};
- if (0 != offset && 0 != std::fseek(file, offset, SEEK_SET)) {
+ auto size = file_size(file);
+ if (offset < 0 || size <= (size_t)offset ||
+ (0 != offset && 0 != std::fseek(file, offset, SEEK_SET))) {
std::string err_msg = std::string("Cannot perform seek. ") + GetErrorString(errno);
throw std::system_error{errno, std::generic_category(), err_msg};
}
if (NPOS == length) {
- length = file_size(file) - offset;
+ length = size - offset;
}
return read_file(file, length);
--
2.7.4