From ded5abb01eb014ef727e03e6edf8ca68974a36d1 Mon Sep 17 00:00:00 2001
From: Jon Siwek
Date: Tue, 31 Mar 2015 13:48:15 -0500
Subject: [PATCH] binpac: BIT-1361: Improve boundary checks of records that use &length

Specifying &length on a record no longer skips generating boundary checks for individual fields. E.g. a record field that specifies a &length that extends beyond the &length of the record containing it should throw binpac::ExceptionOutOfBound, the usual way of handling out-of-bounds conditions.
---
 tools/binpac/src/pac_record.cc | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/tools/binpac/src/pac_record.cc b/tools/binpac/src/pac_record.cc
index cdffd70ef9..2cd888742a 100644
--- a/tools/binpac/src/pac_record.cc
+++ b/tools/binpac/src/pac_record.cc
@@ -206,6 +206,13 @@ int RecordType::StaticSize(Env* env) const
 void RecordType::SetBoundaryChecked()
 {
 Type::SetBoundaryChecked();
+
+ if ( StaticSize(env()) < 0 || attr_length_expr_ )
+ // Don't assume sufficient bounds checking has been done on fields
+ // if the record is of variable size or if its size is set from &length
+ // (whose value is not necessarily trustworthy).
+ return;
+
 foreach (i, RecordFieldList, record_fields_)
 {
 RecordField *f = *i;
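Review bot: The early return added to `RecordType::SetBoundaryChecked()` is the one statement that keeps per-field bounds checks being generated for variable-size and `&length` records, yet it is a brace-less `if` with a three-line comment sitting between the condition and `return;`, which is easy to break in a later edit. I would move the comment above the condition and brace the body: `if ( StaticSize(env()) < 0 || attr_length_expr_ ) { return; }`. The diffstat shows only pac_record.cc changing, so nothing pins the behaviour the description promises (a field `&length` that exceeds the enclosing record's `&length` raising `binpac::ExceptionOutOfBound`); a regression case for that input would keep the check from being optimised away again. If other composite types also propagate the boundary-checked flag to their members they may need the same guard, which cannot be judged from this hunk. The function body continues past the end of the hunk.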