Fix read overflow #1812
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -136,6 +136,13 @@ namespace pcpp | |
|
|
||
| void RawPacket::insertData(int atIndex, const uint8_t* dataToInsert, size_t dataToInsertLen) | ||
| { | ||
| // Check for overflow in the new length | ||
| if ((size_t)m_RawDataLen + dataToInsertLen < (size_t)m_RawDataLen) | ||
| { | ||
| PCPP_LOG_ERROR("RawPacket::insertData: dataToInsertLen causes overflow"); | ||
| return; | ||
| } | ||
|
There was a problem hiding this comment. Can we throw a There was a problem hiding this comment. Will throwing an exception prevent the application from crashing? 🤔 This method was called in There was a problem hiding this comment. You want a crash if overflow happens. Or at least you want an exception thrown to indicate the failure of the operation, and if the caller doesn't handle it up the call stack, then to crash. It isn't really possible to recover from the situation as the system has reached the limit of how much data can be stored inside a packet. Silently continuing with just an error message in the log is worse as the program will assume the operation went fine and produce corrupted data down the line. This is exactly the type of improbable situation the exception mechanism was made to handle. There was a problem hiding this comment. I totally agree, however I don't think throwing an exception will resolve the OSS-Fuzz issue. We should probably throw an exception and fix the issue that caused it in There was a problem hiding this comment. Generally, I find exceptions are fine as long as they aren't used to dictate common control flow. The current mainstream compilers use an architecture that has a "zero cost" try-catch blocks if the exception isn't thrown. The tradeoff is a significant overhead if an exception is thrown, so you only want them thrown for rare events. The current usage seems ok to me? How often are overflows expected to happen? There was a problem hiding this comment. In most cases, I wouldn't expect an exception to be thrown, however:
There was a problem hiding this comment. Hi, I have been working on other things and have been checking out this PR again. I agree with sela's points and will prepare a patch after a confirmation from your side -
There was a problem hiding this comment. I think we can still throw an error in There was a problem hiding this comment. Sounds good. I will also cover the nitpick and send it tonight :) |
||
|
|
||
| // memmove copies data as if there was an intermediate buffer in between - so it allows for copying processes on | ||
| // overlapping src/dest ptrs if insertData is called with atIndex == m_RawDataLen, then no data is being moved. | ||
| // The data of the raw packet is still extended by dataToInsertLen | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: maybe use
static_castinstead of C-style casting?