author | Michael West <michael.west@ettus.com> | 2013-10-28 12:38:08 -0700 |
---|---|---|
committer | Michael West <michael.west@ettus.com> | 2013-10-28 12:38:08 -0700 |
commit | f806f6a8031a7f9cf5eacbe858bfa8aa95d21dd4 (patch) | |
tree | cc6d4db065b0bd48705d2887d69739ec6e4eaddc /host | |
parent | 2441206b580b86405eb50416f98a80578d1bf03c (diff) | |
CID 1104329: Fixed untrusted loop bound.
CID 1104327: Fixed untrusted value as argument.
Diffstat (limited to 'host')
-rw-r--r-- | host/lib/usrp/common/fx2_ctrl.cpp | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/host/lib/usrp/common/fx2_ctrl.cpp b/host/lib/usrp/common/fx2_ctrl.cpp
index 6111efea9..1cacc45cf 100644
--- a/host/lib/usrp/common/fx2_ctrl.cpp
+++ b/host/lib/usrp/common/fx2_ctrl.cpp
@@ -119,6 +119,9 @@ bool parse_record(std::string *record, unsigned int &len,
 std::istringstream(record->substr(3, 4)) >> std::hex >> addr;
 std::istringstream(record->substr(7, 2)) >> std::hex >> type;
+ if (len >2 * (record->length() - 9)) // sanity check to prevent buffer overrun
+ return false;
+
 for (i = 0; i < len; i++) {
 std::istringstream(record->substr(9 + 2 * i, 2)) >> std::hex >> val;
 data[i] = (unsigned char) val;
@@ -181,6 +184,9 @@ public:
 std::string record;
 file >> record;
+ if (!record.length() > 0)
+ continue;
+
 //check for valid record
 if (not checksum(&record) or not parse_record(&record, len, addr, type, data)) {
 throw uhd::io_error("usrp_load_firmware: bad record checksum"); |
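Review bot: The new guard `len >2 * (record->length() - 9)` is scaled the wrong way for the loop it protects: each byte is read from two characters at `9 + 2 * i`, so `len` bytes need `2 * len` characters, yet the check admits a `len` up to twice the remaining length. `record->length() - 9` is also unsigned, so a record shorter than nine characters wraps to a very large value and passes the check. I would write it as `if (record->length() < 9 || len > (record->length() - 9) / 2) return false;`, ideally placed before the `substr(3, 4)` and `substr(7, 2)` reads so that short records are rejected first. The capacity of `data` is declared outside this hunk, so whether `len` also needs a bound against that buffer cannot be confirmed from here; parse_record begins and ends outside the hunk.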
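Review bot: `if (!record.length() > 0)` parses as `(!record.length()) > 0` because `!` binds tighter than `>`; it is true exactly for an empty record, but only by accident, and GCC and Clang flag the pattern with -Wlogical-not-parentheses. `if (record.empty())` states the intent directly. Separately, the `throw` in the context lines reports "bad record checksum" for any parse_record failure, which now includes the new length rejection, so a malformed firmware file will be misreported as a checksum error. That line is unchanged context, and the enclosing loop and method begin outside the hunk.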