cmHexFileConverter: Avoid stack buffer overflow

Prevent overflow on maliciously-crafted Motorola S1 record files which
have a maximum line length over the 256-byte maximum.
Tyler Yankee
2026-05-16 15:57:34 -04:00
parent afad360df9
commit 2e55f86bb3
3 changed files with 10 additions and 0 deletions


@@ -45,6 +45,10 @@ static bool OutputBin(FILE* file, char const* buf, unsigned int startIndex,
success = false;
break;
}
if (outBufCount >= sizeof(outBuf)) {
success = false;
break;
}
outBuf[outBufCount] = static_cast<char>(convertedByte & 0xff);
outBufCount++;
}
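Review bot: The new `outBufCount >= sizeof(outBuf)` check has no comment tying it to untrusted input, so a later refactor of the buffer or of the caller's length validation could drop it without anyone seeing why it was there. I would add a line above it such as `// Untrusted input: the record's byte count can describe more data than outBuf holds.` `OutputBin` starts and ends outside this hunk, so the declaration of `outBuf` and the handling of the `false` return are not visible here. It is worth confirming that every caller treats this failure as "not a valid hex file" and does not continue with partially converted output. Rejecting an over-long count in the record parser, before `OutputBin` is called, would also keep the size limit in one place.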


@@ -55,6 +55,10 @@ else()
"file(STRINGS) incorrectly read from srec file [${infile_strings}]")
endif()
# this file is crafted to contain the maximum line length and trigger a buffer
# overflow
file(STRINGS "${CMAKE_CURRENT_SOURCE_DIR}/s1-max-length.srec" infile_strings)
#this file has utf-8 content
file(STRINGS test.utf8 infile_strings ENCODING UTF-8)
list(LENGTH infile_strings content_len)
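Review bot: The added `file(STRINGS ...)` call on `s1-max-length.srec` asserts nothing: `infile_strings` is overwritten by the `test.utf8` read right after it, so the test can only fail if the overflow happens to crash the process, which depends on the build's stack-protector or sanitizer settings. Either check the result (for example with `list(LENGTH infile_strings ...)` against the intended behaviour for a rejected record) or say in the comment that the test passes only by not crashing. The comment also reads as if the overflow were expected; something like `# Regression test: an S1 record with the maximum byte count (0xFF) must be rejected without overflowing the converter's output buffer.` would be clearer.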


@@ -0,0 +1,2 @@
S107000001020304EE
S1FF000041414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414100