X-Git-Url: https://wimlib.net/git/?a=blobdiff_plain;f=src%2Ftagged_items.c;h=723773f94be3e678afe6c0f88bae6a3355a961ce;hb=a4123fea556d6c362318212127e25846981ea190;hp=e3ba53f496612c7d95e8dabaa12d3512865edca6;hpb=5731558efd18b5199e0b63de16cf6b11a652104e;p=wimlib
diff --git a/src/tagged_items.c b/src/tagged_items.c
index e3ba53f4..723773f9 100644
--- a/src/tagged_items.c
+++ b/src/tagged_items.c
@@ -44,12 +44,7 @@ struct tagged_item_header {
 le32 tag;
 /* Size of the data of this tagged item, in bytes. This excludes this
- * header and should be a multiple of 8.
- *
- * (Actually, the MS implementation seems to round this up to an 8 byte
- * boundary when calculating the offset to the next tagged item, but
- * uses this length unmodified when validating the item. We might as
- * well do the same.) */
+ * header and should be a multiple of 8. */
 le32 length;
 /* Variable length data */
@@ -79,8 +74,14 @@ inode_get_tagged_item(const struct wim_inode *inode,
 u32 desired_tag, u32 min_data_len)
 {
 size_t minlen_with_hdr = sizeof(struct tagged_item_header) + min_data_len;
- size_t len_remaining = inode->i_extra_size;
- u8 *p = inode->i_extra;
+ size_t len_remaining;
+ u8 *p;
+
+ if (!inode->i_extra)
+ return NULL;
+
+ len_remaining = inode->i_extra->size;
+ p = inode->i_extra->data;
 /* Iterate through the tagged items. */
 while (len_remaining >= minlen_with_hdr) {
@@ -90,14 +91,16 @@ inode_get_tagged_item(const struct wim_inode *inode,
 hdr = (struct tagged_item_header *)p;
 tag = le32_to_cpu(hdr->tag);
- len = le32_to_cpu(hdr->length);
+ len = ALIGN(le32_to_cpu(hdr->length), 8);
+ /* Length overflow? */
+ if (unlikely(len > len_remaining - sizeof(struct tagged_item_header)))
+ return NULL;
+
+ /* Matches the item we wanted? */
 if (tag == desired_tag && len >= min_data_len)
 return hdr->data;
- len = (len + 7) & ~7;
- if (len_remaining <= sizeof(struct tagged_item_header) + len)
- return NULL;
 len_remaining -= sizeof(struct tagged_item_header) + len;
 p += sizeof(struct tagged_item_header) + len;
 }
@@ -111,29 +114,31 @@ inode_add_tagged_item(struct wim_inode *inode, u32 tag, u32 len)
 {
 size_t itemsize;
 size_t newsize;
- u8 *buf;
+ struct wim_inode_extra *extra;
 struct tagged_item_header *hdr;
 /* We prepend the item instead of appending it because it's easier. */
- itemsize = sizeof(struct tagged_item_header) + ((len + 7) & ~7);
- newsize = itemsize + inode->i_extra_size;
+ itemsize = sizeof(struct tagged_item_header) + ALIGN(len, 8);
+ newsize = itemsize;
+ if (inode->i_extra)
+ newsize += inode->i_extra->size;
- buf = MALLOC(newsize);
- if (!buf)
+ extra = MALLOC(sizeof(struct wim_inode_extra) + newsize);
+ if (!extra)
 return NULL;
-
- if (inode->i_extra_size) {
- memcpy(buf + itemsize, inode->i_extra, inode->i_extra_size);
+ if (inode->i_extra) {
+ memcpy(&extra->data[itemsize], inode->i_extra->data,
+ inode->i_extra->size);
 FREE(inode->i_extra);
 }
- inode->i_extra = buf;
- inode->i_extra_size = newsize;
+ extra->size = newsize;
+ inode->i_extra = extra;
- hdr = (struct tagged_item_header *)buf;
+ hdr = (struct tagged_item_header *)extra->data;
 hdr->tag = cpu_to_le32(tag);
 hdr->length = cpu_to_le32(len);
- return memset(hdr->data, 0, (len + 7) & ~7);
+ return memset(hdr->data, 0, ALIGN(len, 8));
 }
 static inline struct wimlib_unix_data_disk *
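Review bot: Rounding `hdr->length` up before the new bounds check means a value within 7 of the 32-bit maximum can wrap to 0 if `len` and `ALIGN()` work in 32 bits (neither the declaration of `len` nor the macro is visible in this hunk), and a wrapped length passes `len > len_remaining - sizeof(struct tagged_item_header)`. The walk still stays inside the buffer, but the item is then treated as empty and the bytes that follow are parsed as the next header. Comparing the raw value first avoids this, e.g. `u32 raw = le32_to_cpu(hdr->length);` followed by `if (unlikely(raw > len_remaining - sizeof(struct tagged_item_header))) return NULL;` ahead of the existing aligned check. Note also that `len >= min_data_len` now tests the padded length, so an item declaring fewer bytes than `min_data_len` can match and the caller reads padding as data; a short comment saying this is intended would help. The loop body starts outside the hunk.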
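Review bot: The size arithmetic feeding `MALLOC` in `inode_add_tagged_item()` has no overflow check: `ALIGN(len, 8)` can wrap for a `len` within 7 of the `u32` maximum (depending on how `ALIGN` is defined, which is not visible here), and on targets with a 32-bit `size_t` the sum `sizeof(struct wim_inode_extra) + newsize` can wrap as well, which would leave the `memcpy` into `&extra->data[itemsize]` writing past a short allocation. The callers are outside this hunk and may only pass small constant sizes, so this is hardening rather than a demonstrated bug. A guard at the top such as `if (unlikely(ALIGN(len, 8) < len)) return NULL;`, plus a check that `newsize` did not wrap after the additions, would make the function safe on its own. In the wrapped case the function would also store the unrounded `len` in `hdr->length` while zeroing fewer bytes than that.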