Add check for valid range on buffers

Protects crashes on reading and writing of buffer if range is accessed beyond buffer size.
linkedin · Mar 3, 2021 · 5f1bd9b · 5f1bd9b
1 parent e70a147
commit 5f1bd9b
Showing 1 changed file with 11 additions and 3 deletions.
diff --git a/Cassette/CASQueueFile.m b/Cassette/CASQueueFile.m
@@ -504,15 +504,23 @@ - (NSUInteger)usedBytes {
  * Stores a 32-bit integer @c value in the @c buffer at the given @c offset.
  */
 void writeInt(NSMutableData *buffer, NSUInteger offset, uint32_t value) {
-    [buffer replaceBytesInRange:NSMakeRange(offset, 4) withBytes:&value];
+    BOOL hasValidRange = buffer.length >= offset + 4;
+    NSCAssert(hasValidRange, @"write failed, range:(%lui,%lui) outside of buffer size:%lui", offset, offset+4,  buffer.length);
+    if (hasValidRange) {
+        [buffer replaceBytesInRange:NSMakeRange(offset, 4) withBytes:&value];
+    }
 }
 
 /**
  * Reads a 32-bit integer value from the @c buffer at @c offset.
  */
 NSUInteger readUnsignedInt(NSData *buffer, NSUInteger offset) {
-    uint32_t value;
-    [buffer getBytes:&value range:NSMakeRange(offset, 4)];
+    uint32_t value = 0;
+    BOOL hasValidRange = buffer.length >= offset + 4;
+    NSCAssert(hasValidRange, @"read failed, range:(%lui,%lui) outside of buffer size:%lui", offset, offset+4,  buffer.length);
+    if (hasValidRange) {
+        [buffer getBytes:&value range:NSMakeRange(offset, 4)];
+    }
     return value;
 }