X-Git-Url: http://git.efficios.com/?p=babeltrace.git;a=blobdiff_plain;f=formats%2Fctf%2Ftypes%2Fstring.c;h=197a7e135f276825ae9e29f85a70b20636755c13;hp=6a478abfd202072f3a022b068ff49db40c607d61;hb=670977d3f384db208f375255a83060d90075d626;hpb=847bf71a4af4770390a59e8ef8e1fdfca33687b9

diff --git a/formats/ctf/types/string.c b/formats/ctf/types/string.c
index 6a478abf..197a7e13 100644
--- a/formats/ctf/types/string.c
+++ b/formats/ctf/types/string.c
@@ -21,7 +21,7 @@
 #include <limits.h>		/* C99 limits */
 #include <string.h>
 
-void ctf_string_read(struct stream_pos *ppos, struct definition *definition)
+int ctf_string_read(struct stream_pos *ppos, struct definition *definition)
 {
 	struct definition_string *string_definition =
 		container_of(definition, struct definition_string, p);
@@ -29,11 +29,23 @@ void ctf_string_read(struct stream_pos *ppos, struct definition *definition)
 		string_definition->declaration;
 	struct ctf_stream_pos *pos = ctf_pos(ppos);
 	size_t len;
+	ssize_t max_len;
 	char *srcaddr;
 
 	ctf_align_pos(pos, string_declaration->p.alignment);
+
 	srcaddr = ctf_get_pos_addr(pos);
-	len = strlen(srcaddr) + 1;
+	if (pos->offset == EOF)
+		return -EFAULT;
+	/* Not counting \0 */
+	max_len = pos->packet_size - pos->offset - 1;
+	if (max_len < 0)
+		return -EFAULT;
+	len = strnlen(srcaddr, max_len) + 1;	/* Add \0 */
+	/* Truncated string, unexpected. Trace probably corrupted. */
+	if (srcaddr[len - 1] != '\0')
+		return -EFAULT;
+
 	if (string_definition->alloc_len < len) {
 		string_definition->value =
 			g_realloc(string_definition->value, len);
@@ -43,9 +55,10 @@ void ctf_string_read(struct stream_pos *ppos, struct definition *definition)
 	memcpy(string_definition->value, srcaddr, len);
 	string_definition->len = len;
 	ctf_move_pos(pos, len * CHAR_BIT);
+	return 0;
 }
 
-void ctf_string_write(struct stream_pos *ppos,
+int ctf_string_write(struct stream_pos *ppos,
 		      struct definition *definition)
 {
 	struct definition_string *string_definition =
@@ -59,10 +72,15 @@ void ctf_string_write(struct stream_pos *ppos,
 	ctf_align_pos(pos, string_declaration->p.alignment);
 	assert(string_definition->value != NULL);
 	len = string_definition->len;
+
+	if (!ctf_pos_access_ok(pos, len))
+		return -EFAULT;
+
 	if (pos->dummy)
 		goto end;
 	destaddr = ctf_get_pos_addr(pos);
 	memcpy(destaddr, string_definition->value, len);
 end:
 	ctf_move_pos(pos, len * CHAR_BIT);
+	return 0;
 }