From f806f6a8031a7f9cf5eacbe858bfa8aa95d21dd4 Mon Sep 17 00:00:00 2001 From: Michael West Date: Mon, 28 Oct 2013 12:38:08 -0700 Subject: CID 1104329: Fixed untrusted loop bound. CID 1104327: Fixed untrusted value as argument. --- host/lib/usrp/common/fx2_ctrl.cpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/host/lib/usrp/common/fx2_ctrl.cpp b/host/lib/usrp/common/fx2_ctrl.cpp index 6111efea9..1cacc45cf 100644 --- a/host/lib/usrp/common/fx2_ctrl.cpp +++ b/host/lib/usrp/common/fx2_ctrl.cpp @@ -119,6 +119,9 @@ bool parse_record(std::string *record, unsigned int &len, std::istringstream(record->substr(3, 4)) >> std::hex >> addr; std::istringstream(record->substr(7, 2)) >> std::hex >> type; + if (len >2 * (record->length() - 9)) // sanity check to prevent buffer overrun + return false; + for (i = 0; i < len; i++) { std::istringstream(record->substr(9 + 2 * i, 2)) >> std::hex >> val; data[i] = (unsigned char) val; @@ -181,6 +184,9 @@ public: std::string record; file >> record; + if (!record.length() > 0) + continue; + //check for valid record if (not checksum(&record) or not parse_record(&record, len, addr, type, data)) { throw uhd::io_error("usrp_load_firmware: bad record checksum"); -- cgit v1.2.3