lee/renderdoc
1
0
Fork 0
mirror of https://github.com/baldurk/renderdoc.git synced 2026-05-29 21:30:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Prevent a crash when receiving a corrupt rdc file

Browse Source 
It is possible to read a large value into compSize, and consequently read
a large number of bytes into m_CompressBuffer, which can only hold 64k,
which would lead to a crash.
This commit is contained in:
akharlamov
2018-11-12 16:18:01 -08:00
committed by Baldur Karlsson
parent f2e68f1d31
commit 691c115946
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
renderdoc/serialise/lz4io.cpp
+10
View File
@@ -256,10 +256,20 @@ bool LZ4Decompressor::FillPage0()
bool success = true;
success &= m_Read->Read(compSize);
if(!success || compSize < 0 || compSize > (int)LZ4_COMPRESSBOUND(lz4BlockSize))
{
RDCERR("Error reading size: %i", compSize);
FreeAlignedBuffer(m_Page[0]);
FreeAlignedBuffer(m_Page[1]);
FreeAlignedBuffer(m_CompressBuffer);
m_Page[0] = m_Page[1] = m_CompressBuffer = NULL;
return false;
}
success &= m_Read->Read(m_CompressBuffer, compSize);
if(!success)
{
RDCERR("Error reading block: %i", compSize);
FreeAlignedBuffer(m_Page[0]);
FreeAlignedBuffer(m_Page[1]);
FreeAlignedBuffer(m_CompressBuffer);