Fix memory safety issues in string handlings (cf #79)

icculus · Mar 25, 2024 · 24499a2 · 24499a2
1 parent 741c4be
commit 24499a2
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 5 deletions.
diff --git a/src/physfs_archiver_csm.c b/src/physfs_archiver_csm.c
@@ -43,17 +43,21 @@ static int csmLoadEntries(PHYSFS_Io *io, const PHYSFS_uint16 count, void *arc)
     for (i = 0; i < count; i++)
     {
     	PHYSFS_uint8 fn_len;
-	char name[12];
+	    char name[12];
         PHYSFS_uint32 size;
         PHYSFS_uint32 pos;
 
         BAIL_IF_ERRPASS(!__PHYSFS_readAll(io, &fn_len, 1), 0);
-        BAIL_IF_ERRPASS(!__PHYSFS_readAll(io, name, 12), 0);
+        BAIL_IF_ERRPASS(!__PHYSFS_readAll(io, name, sizeof(name)), 0);
         BAIL_IF_ERRPASS(!__PHYSFS_readAll(io, &size, 4), 0);
         BAIL_IF_ERRPASS(!__PHYSFS_readAll(io, &pos, 4), 0);
 
-	if(fn_len > 12) fn_len = 12;
-        name[fn_len] = '\0'; /* name might not be null-terminated in file. */
+	    if(fn_len > sizeof(name))
+            fn_len = sizeof(name);
+        if (fn_len > 0)
+            name[fn_len - 1] = '\0'; /* name might not be null-terminated in file. */
+        else
+            name[0] = '\0';
         size = PHYSFS_swapULE32(size);
         pos = PHYSFS_swapULE32(pos);
         BAIL_IF_ERRPASS(!UNPK_addEntry(arc, name, 0, -1, -1, pos, size), 0);

diff --git a/src/physfs_archiver_qpak.c b/src/physfs_archiver_qpak.c
@@ -47,6 +47,8 @@ static int qpakLoadEntries(PHYSFS_Io *io, const PHYSFS_uint32 count, void *arc)
         BAIL_IF_ERRPASS(!__PHYSFS_readAll(io, name, 56), 0);
         BAIL_IF_ERRPASS(!__PHYSFS_readAll(io, &pos, 4), 0);
         BAIL_IF_ERRPASS(!__PHYSFS_readAll(io, &size, 4), 0);
+        /* name must be null terminated, so its length must leave space for null byte  */
+        BAIL_IF_ERRPASS(strnlen(name, sizeof(name)) != sizeof(name), 0);
         size = PHYSFS_swapULE32(size);
         pos = PHYSFS_swapULE32(pos);
         BAIL_IF_ERRPASS(!UNPK_addEntry(arc, name, 0, -1, -1, pos, size), 0);

diff --git a/src/physfs_unicode.c b/src/physfs_unicode.c
@@ -183,7 +183,7 @@ PHYSFS_uint32 __PHYSFS_utf8codepoint(const char **_str)
         if ((octet & (128+64)) != 128)  /* Format isn't 10xxxxxx? */
             return UNICODE_BOGUS_CHAR_VALUE;
 
-        *_str += 6;  /* skip to next possible start of codepoint. */
+        *_str += 5;  /* skip to next possible start of codepoint. */
         return UNICODE_BOGUS_CHAR_VALUE;
     } /* else if */
 

diff --git a/test/unit_unicode.c b/test/unit_unicode.c
@@ -0,0 +1,6 @@
+/**
+ * Unit tests program for PhysicsFS's unicode functions.
+ *
+ * Please see the file LICENSE.txt in the source's root directory.
+ */
+