d_e_x

Crash in a poorly written ASF support function

Nov 23, 2010 1:58 AM

I wrote a tool that analyses various AV material.

There is a corrupted ASF file in my test set that causes a crash in ASF_LegacyManager::ComputeDigest (ASF_Support.cpp).

The function calls digestStr[digestStr.size()-1] without checking if digestStr is empty.

 

The buggy code is here:

void ASF_LegacyManager::ComputeDigest()
{
    MD5_CTX context;
    MD5_Digest digest;
    char buffer[40];

    MD5Init ( &context );
    digestStr.clear();
    digestStr.reserve ( 160 );

    // Append "<type>," for every field that has data and hash its contents.
    for ( int type=0; type < fieldLast; ++type ) {
        if (fields[type].size ( ) > 0 ) {
            snprintf ( buffer, sizeof(buffer), "%d,", type );
            digestStr.append ( buffer );
            MD5Update ( &context, (XMP_Uns8*)fields[type].data(), fields[type].size() );
        }
    }

    // No check that digestStr is non-empty before indexing size()-1.
    digestStr[digestStr.size()-1] = ';';

    MD5Final ( digest, &context );

    size_t in, out;

    // Hex-encode the 16-byte MD5 digest into buffer.
    for ( in = 0, out = 0; in < 16; in += 1, out += 2 ) {
        XMP_Uns8 byte = digest[in];
        buffer[out] = ReconcileUtils::kHexDigits [ byte >> 4 ];
        buffer[out+1] = ReconcileUtils::kHexDigits [ byte & 0xF ];
    }

    buffer[32] = 0;
    digestStr.append ( buffer );
    digestComputed = true;
}
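An added example, not part of the original post and not code from the XMP SDK: it reproduces the field-list loop with plain `std::string` fields, uses `at()` to show that `size()-1` on an empty string is an out-of-range index, and shows a guarded form next to it. The function names are hypothetical, and leaving the string unchanged when it is empty is an assumption about the intended behaviour.

```cpp
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <vector>

// Field-list prefix as built by the posted loop: "<type>," per non-empty field.
static std::string fieldList(const std::vector<std::string>& fields) {
    std::string s;
    char buffer[40];
    for (std::size_t type = 0; type < fields.size(); ++type) {
        if (!fields[type].empty()) {
            std::snprintf(buffer, sizeof(buffer), "%d,", static_cast<int>(type));
            s.append(buffer);
        }
    }
    return s;
}

// Same index expression as the post, but through at(), which bounds-checks.
// Returns false when the write would fall outside the string.
static bool terminateChecked(std::string& s) {
    try {
        s.at(s.size() - 1) = ';';  // size()==0: index wraps to SIZE_MAX
        return true;
    } catch (const std::out_of_range&) {
        return false;
    }
}

// Guarded form: only replace the trailing ',' when there is one.
// Assumption: with no populated fields the prefix simply stays empty.
static std::string terminateGuarded(std::string s) {
    if (!s.empty()) s[s.size() - 1] = ';';
    return s;
}

int main() {
    // Constructed sample inputs: a normal file and one with every field empty.
    std::vector<std::string> normal = {"title", "", "author"};
    std::vector<std::string> corrupt = {"", "", ""};
    std::string empty = fieldList(corrupt);
    std::printf("normal  -> \"%s\"\n", terminateGuarded(fieldList(normal)).c_str());
    std::printf("corrupt -> in range: %d, guarded: \"%s\"\n",
                terminateChecked(empty), terminateGuarded(empty).c_str());
    return 0;
}
```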

 