raster pushed a commit to branch master.
http://git.enlightenment.org/core/efl.git/commit/?id=eb57415a7ad968ff964a01b76983c319149b2425
commit eb57415a7ad968ff964a01b76983c319149b2425
Author: Carsten Haitzler (Rasterman) <ras...@rasterman.com>
Date: Fri Sep 29 12:03:37 2017 +0900
evas cseve - check msgsize before using - coverity
fix CID 1039568
---
src/bin/evas/evas_cserve2_messages.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/bin/evas/evas_cserve2_messages.c
b/src/bin/evas/evas_cserve2_messages.c
index 8f4f64c371..b2c2df9c94 100644
--- a/src/bin/evas/evas_cserve2_messages.c
+++ b/src/bin/evas/evas_cserve2_messages.c
@@ -87,7 +87,14 @@ cserve2_message_handler(int fd EINA_UNUSED, Fd_Flags flags,
void *data)
return;
if (!client->msg.reading)
- len = cserve2_client_read(client, &msgsize, sizeof(msgsize));
+ {
+ len = cserve2_client_read(client, &msgsize, sizeof(msgsize));
+ if ((msgsize < 0) || (msgsize > (128 * 1024)))
+ {
+ ERR("Client sending garbage message size of %i\n", msgsize);
+ return;
+ }
+ }
else
len = cserve2_client_read(client, &client->msg.buf[client->msg.done],
client->msg.size - client->msg.done);
--
