Fix several problems in Flatten() that could potentially lead to overflows
and/or crashes if given a smaller buffer size than the Flatten operation actually required. git-svn-id: file:///srv/svn/repos/haiku/haiku/trunk@42282 a95241bf-73f2-0310-859d-f6bbb57e9c96
This commit is contained in:
Rene Gollent
parent
3270af3ca7
commit
46b619c39d
|
|
@ -1011,21 +1011,20 @@ BMessage::Flatten(char *buffer, ssize_t size) const
|
|||
if (fHeader == NULL)
|
||||
return B_NO_INIT;
|
||||
|
||||
if (size < FlattenedSize())
|
||||
return B_BUFFER_OVERFLOW;
|
||||
|
||||
/* we have to sync the what code as it is a public member */
|
||||
fHeader->what = what;
|
||||
|
||||
memcpy(buffer, fHeader, min_c(sizeof(message_header), (size_t)size));
|
||||
memcpy(buffer, fHeader, sizeof(message_header));
|
||||
buffer += sizeof(message_header);
|
||||
size -= sizeof(message_header);
|
||||
|
||||
size_t fieldsSize = fHeader->field_count * sizeof(field_header);
|
||||
memcpy(buffer, fFields, min_c(fieldsSize, (size_t)size));
|
||||
memcpy(buffer, fFields, fieldsSize);
|
||||
buffer += fieldsSize;
|
||||
size -= fieldsSize;
|
||||
|
||||
memcpy(buffer, fData, min_c(fHeader->data_size, (size_t)size));
|
||||
if ((size_t)size < fHeader->data_size)
|
||||
return B_BUFFER_OVERFLOW;
|
||||
memcpy(buffer, fData, fHeader->data_size);
|
||||
|
||||
return B_OK;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue