verify_swm_set(): Decrease scope of parts_to_swms
authorEric Biggers <ebiggers3@gmail.com>
Sun, 3 Mar 2013 22:12:10 +0000 (16:12 -0600)
committerEric Biggers <ebiggers3@gmail.com>
Sun, 3 Mar 2013 22:12:10 +0000 (16:12 -0600)
src/verify.c

index b6bdbe63b8ae68acd5821bc9c462454e545c36b5..777a6e0c7f06ff6f9165391e8d4d66985a0320ef 100644 (file)
@@ -314,48 +314,54 @@ int verify_swm_set(WIMStruct *w, WIMStruct **additional_swms,
        ctype = wimlib_get_compression_type(w);
        guid = w->hdr.guid;
 
        ctype = wimlib_get_compression_type(w);
        guid = w->hdr.guid;
 
-       WIMStruct *parts_to_swms[num_additional_swms];
-       ZERO_ARRAY(parts_to_swms);
-       for (unsigned i = 0; i < num_additional_swms; i++) {
+       {
+               /* parts_to_swms is not allocated at function scope because it
+                * should only be allocated after num_additional_swms was
+                * checked to be the same as w->hdr.total_parts.  Otherwise, it
+                * could be unexpectedly high and cause a stack overflow. */
+               WIMStruct *parts_to_swms[num_additional_swms];
+               ZERO_ARRAY(parts_to_swms);
+               for (unsigned i = 0; i < num_additional_swms; i++) {
 
 
-               WIMStruct *swm = additional_swms[i];
+                       WIMStruct *swm = additional_swms[i];
 
 
-               if (wimlib_get_compression_type(swm) != ctype) {
-                       ERROR("The split WIMs do not all have the same "
-                             "compression type");
-                       return WIMLIB_ERR_SPLIT_INVALID;
-               }
-               if (memcmp(guid, swm->hdr.guid, WIM_GID_LEN) != 0) {
-                       ERROR("The split WIMs do not all have the same "
-                             "GUID");
-                       return WIMLIB_ERR_SPLIT_INVALID;
-               }
-               if (swm->hdr.part_number == 1) {
-                       ERROR("WIMs `%s' and `%s' both are marked as the "
-                             "first WIM in the spanned set",
-                             w->filename, swm->filename);
-                       return WIMLIB_ERR_SPLIT_INVALID;
-               }
-               if (swm->hdr.part_number == 0 ||
-                   swm->hdr.part_number > total_parts)
-               {
-                       ERROR("WIM `%s' says it is part %u in the spanned set, "
-                             "but the part number must be in the range "
-                             "[1, %u]",
-                             swm->filename, swm->hdr.part_number, total_parts);
-                       return WIMLIB_ERR_SPLIT_INVALID;
-               }
-               if (parts_to_swms[swm->hdr.part_number - 2])
-               {
-                       ERROR("`%s' and `%s' are both marked as part %u of %u "
-                             "in the spanned set",
-                             parts_to_swms[swm->hdr.part_number - 2]->filename,
-                             swm->filename,
-                             swm->hdr.part_number,
-                             total_parts);
-                       return WIMLIB_ERR_SPLIT_INVALID;
-               } else {
-                       parts_to_swms[swm->hdr.part_number - 2] = swm;
+                       if (wimlib_get_compression_type(swm) != ctype) {
+                               ERROR("The split WIMs do not all have the same "
+                                     "compression type");
+                               return WIMLIB_ERR_SPLIT_INVALID;
+                       }
+                       if (memcmp(guid, swm->hdr.guid, WIM_GID_LEN) != 0) {
+                               ERROR("The split WIMs do not all have the same "
+                                     "GUID");
+                               return WIMLIB_ERR_SPLIT_INVALID;
+                       }
+                       if (swm->hdr.part_number == 1) {
+                               ERROR("WIMs `%s' and `%s' both are marked as the "
+                                     "first WIM in the spanned set",
+                                     w->filename, swm->filename);
+                               return WIMLIB_ERR_SPLIT_INVALID;
+                       }
+                       if (swm->hdr.part_number == 0 ||
+                           swm->hdr.part_number > total_parts)
+                       {
+                               ERROR("WIM `%s' says it is part %u in the spanned set, "
+                                     "but the part number must be in the range "
+                                     "[1, %u]",
+                                     swm->filename, swm->hdr.part_number, total_parts);
+                               return WIMLIB_ERR_SPLIT_INVALID;
+                       }
+                       if (parts_to_swms[swm->hdr.part_number - 2])
+                       {
+                               ERROR("`%s' and `%s' are both marked as part %u of %u "
+                                     "in the spanned set",
+                                     parts_to_swms[swm->hdr.part_number - 2]->filename,
+                                     swm->filename,
+                                     swm->hdr.part_number,
+                                     total_parts);
+                               return WIMLIB_ERR_SPLIT_INVALID;
+                       } else {
+                               parts_to_swms[swm->hdr.part_number - 2] = swm;
+                       }
                }
        }
        return 0;
                }
        }
        return 0;