From cb94b71d28d0c12ba9edbbead8c152d29061e140 Mon Sep 17 00:00:00 2001
From: Joshua Peraza
Date: Mon, 30 Jan 2017 11:46:33 -0800
Subject: Fixed a bug where cv record size was not correctly checked.

BUG=
Change-Id: I6c1d78cfe344c7b90a03f6df35193d67623bfd89
Reviewed-on: https://chromium-review.googlesource.com/434094
Reviewed-by: Ivan Penkov
---
 src/processor/minidump.cc | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
(limited to 'src/processor')
diff --git a/src/processor/minidump.cc b/src/processor/minidump.cc
index 7226d34a..c9fa4d81 100644
--- a/src/processor/minidump.cc
+++ b/src/processor/minidump.cc
@@ -2189,8 +2189,9 @@ const uint8_t* MinidumpModule::GetCVRecord(uint32_t* size) {
 }
 
 if (signature == MD_CVINFOPDB70_SIGNATURE) {
- // Now that the structure type is known, recheck the size.
- if (MDCVInfoPDB70_minsize > module_.cv_record.data_size) {
+ // Now that the structure type is known, recheck the size,
+ // ensuring at least one byte for the null terminator.
+ if (MDCVInfoPDB70_minsize + 1 > module_.cv_record.data_size) {
 BPLOG(ERROR) << "MinidumpModule CodeView7 record size mismatch, " <<
 MDCVInfoPDB70_minsize << " > " <<
 module_.cv_record.data_size;
@@ -2215,8 +2216,9 @@ const uint8_t* MinidumpModule::GetCVRecord(uint32_t* size) {
 return NULL;
 }
 } else if (signature == MD_CVINFOPDB20_SIGNATURE) {
- // Now that the structure type is known, recheck the size.
- if (MDCVInfoPDB20_minsize > module_.cv_record.data_size) {
+ // Now that the structure type is known, recheck the size,
+ // ensuring at least one byte for the null terminator.
+ if (MDCVInfoPDB20_minsize + 1 > module_.cv_record.data_size) {
 BPLOG(ERROR) << "MinidumpModule CodeView2 record size mismatch, " <<
 MDCVInfoPDB20_minsize << " > " <<
 module_.cv_record.data_size;
-- 
cgit v1.2.1
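Review bot: The error text under the new CodeView7 check still prints `MDCVInfoPDB70_minsize << " > " << module_.cv_record.data_size`, so a record of exactly the minimum size is now rejected with a log line that reads "N > N". Log the bound that was actually tested, e.g. `MDCVInfoPDB70_minsize + 1 << " > " <<`, or write the condition as `module_.cv_record.data_size <= MDCVInfoPDB70_minsize` and change the text to `" >= "`. The CodeView2 branch in the second hunk has the same mismatch with `MDCVInfoPDB20_minsize`. GetCVRecord's body starts and ends outside both hunks.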
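Review bot: Nothing in this commit exercises the new boundary in the CodeView2 branch: the diffstat lists only src/processor/minidump.cc, so the `MDCVInfoPDB20_minsize + 1` check is verified by inspection alone. Because `module_.cv_record.data_size` is read from the dump file, a regression test that feeds a record of exactly `MDCVInfoPDB20_minsize` bytes (expect NULL) and one of `MDCVInfoPDB20_minsize + 1` bytes would pin the off-by-one, and the same pair is worth adding for the CodeView7 branch. The added comment could also name the consumer, presumably the trailing file-name field, e.g. `// data_size must cover the fixed fields plus at least the name's NUL byte.`; the code that reads the terminator is outside the hunk.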