Fix checks for huge numbers of images
authorEric Biggers <ebiggers3@gmail.com>
Tue, 13 May 2014 05:50:17 +0000 (00:50 -0500)
committerEric Biggers <ebiggers3@gmail.com>
Tue, 13 May 2014 05:52:03 +0000 (00:52 -0500)
include/wimlib/header.h
src/header.c
src/xml.c

index 62d916f..290e0b2 100644 (file)
@@ -5,6 +5,8 @@
 #include "wimlib/types.h"
 #include "wimlib/endianness.h"
 
+#include <limits.h>
+
 /* Length of "Globally Unique ID" field in WIM header.  */
 #define WIM_GUID_LEN    16
 
@@ -115,6 +117,7 @@ struct wim_header_disk {
        /* +0xd0 (208)  */
 } _packed_attribute;
 
+#define MAX_IMAGES (((INT_MAX < INT32_MAX) ? INT_MAX : INT32_MAX) - 1)
 
 /* In-memory representation of a WIM header.  See `struct wim_header_disk' for
  * field descriptions.  */
index 30b2b13..57cea04 100644 (file)
@@ -141,7 +141,7 @@ read_wim_header(WIMStruct *wim, struct wim_header *hdr)
        DEBUG("part_number = %u, total_parts = %u, image_count = %u",
              hdr->part_number, hdr->total_parts, hdr->image_count);
 
-       if (hdr->image_count >= INT_MAX) {
+       if (unlikely(hdr->image_count > MAX_IMAGES)) {
                ERROR("\"%"TS"\": Invalid image count (%u)",
                      filename, hdr->image_count);
                return WIMLIB_ERR_IMAGE_COUNT;
index 7ff9c61..6233462 100644 (file)
--- a/src/xml.c
+++ b/src/xml.c
@@ -572,8 +572,9 @@ xml_read_wim_info(const xmlNode *wim_node, struct wim_info **wim_info_ret)
        num_images = 0;
        for_node_child(wim_node, child) {
                if (node_is_element(child) && node_name_is(child, "IMAGE")) {
-                       if (num_images == INT_MAX) {
-                               return WIMLIB_ERR_IMAGE_COUNT;
+                       if (unlikely(num_images == MAX_IMAGES)) {
+                               ret = WIMLIB_ERR_IMAGE_COUNT;
+                               goto err;
                        }
                        num_images++;
                }
@@ -623,7 +624,8 @@ xml_read_wim_info(const xmlNode *wim_node, struct wim_info **wim_info_ret)
                                ERROR("WIM images are not indexed [1...%d] "
                                      "in XML data as expected",
                                      num_images);
-                               return WIMLIB_ERR_IMAGE_COUNT;
+                               ret = WIMLIB_ERR_IMAGE_COUNT;
+                               goto err;
                        }
                }