From cdf3099c68f21dd74b7eb9574b323f38eaa816ea Mon Sep 17 00:00:00 2001 From: Alex Hirsch Date: Tue, 9 Mar 2021 02:37:35 +0100 Subject: [PATCH] Add parameter checkes to FileAccess get_buffer functions fix #46540 --- core/io/file_access_compressed.cpp | 6 ++++-- core/io/file_access_encrypted.cpp | 4 +++- core/io/file_access_memory.cpp | 2 ++ core/io/file_access_network.cpp | 3 +++ core/io/file_access_pack.cpp | 3 +++ core/io/file_access_zip.cpp | 2 ++ core/os/file_access.cpp | 2 ++ drivers/unix/file_access_unix.cpp | 2 ++ drivers/windows/file_access_windows.cpp | 2 ++ platform/android/file_access_android.cpp | 3 +++ 10 files changed, 26 insertions(+), 3 deletions(-) diff --git a/core/io/file_access_compressed.cpp b/core/io/file_access_compressed.cpp index 9ec2b27e882..ade4b2c1acd 100644 --- a/core/io/file_access_compressed.cpp +++ b/core/io/file_access_compressed.cpp @@ -286,8 +286,10 @@ uint8_t FileAccessCompressed::get_8() const { } int FileAccessCompressed::get_buffer(uint8_t *p_dst, int p_length) const { - ERR_FAIL_COND_V_MSG(!f, 0, "File must be opened before use."); - ERR_FAIL_COND_V_MSG(writing, 0, "File has not been opened in read mode."); + ERR_FAIL_COND_V(!p_dst, -1); + ERR_FAIL_COND_V(p_length < 0, -1); + ERR_FAIL_COND_V_MSG(!f, -1, "File must be opened before use."); + ERR_FAIL_COND_V_MSG(writing, -1, "File has not been opened in read mode."); if (at_end) { read_eof = true; diff --git a/core/io/file_access_encrypted.cpp b/core/io/file_access_encrypted.cpp index 8b4c57ce640..133ec187621 100644 --- a/core/io/file_access_encrypted.cpp +++ b/core/io/file_access_encrypted.cpp @@ -237,7 +237,9 @@ uint8_t FileAccessEncrypted::get_8() const { } int FileAccessEncrypted::get_buffer(uint8_t *p_dst, int p_length) const { - ERR_FAIL_COND_V_MSG(writing, 0, "File has not been opened in read mode."); + ERR_FAIL_COND_V(!p_dst, -1); + ERR_FAIL_COND_V(p_length < 0, -1); + ERR_FAIL_COND_V_MSG(writing, -1, "File has not been opened in read mode."); int to_copy = MIN(p_length, data.size() - pos); for (int i = 0; i < to_copy; i++) { diff --git a/core/io/file_access_memory.cpp b/core/io/file_access_memory.cpp index 04270de77f0..4bab8c1d3d9 100644 --- a/core/io/file_access_memory.cpp +++ b/core/io/file_access_memory.cpp @@ -138,6 +138,8 @@ uint8_t FileAccessMemory::get_8() const { } int FileAccessMemory::get_buffer(uint8_t *p_dst, int p_length) const { + ERR_FAIL_COND_V(!p_dst, -1); + ERR_FAIL_COND_V(p_length < 0, -1); ERR_FAIL_COND_V(!data, -1); int left = length - pos; diff --git a/core/io/file_access_network.cpp b/core/io/file_access_network.cpp index 97838fd14ca..e09c3552efd 100644 --- a/core/io/file_access_network.cpp +++ b/core/io/file_access_network.cpp @@ -366,6 +366,9 @@ void FileAccessNetwork::_queue_page(int p_page) const { } int FileAccessNetwork::get_buffer(uint8_t *p_dst, int p_length) const { + ERR_FAIL_COND_V(!p_dst, -1); + ERR_FAIL_COND_V(p_length < 0, -1); + //bool eof=false; if (pos + p_length > total_size) { eof_flag = true; diff --git a/core/io/file_access_pack.cpp b/core/io/file_access_pack.cpp index faf4fca14fa..17d54e5cb66 100644 --- a/core/io/file_access_pack.cpp +++ b/core/io/file_access_pack.cpp @@ -299,6 +299,9 @@ uint8_t FileAccessPack::get_8() const { } int FileAccessPack::get_buffer(uint8_t *p_dst, int p_length) const { + ERR_FAIL_COND_V(!p_dst, -1); + ERR_FAIL_COND_V(p_length < 0, -1); + if (eof) { return 0; } diff --git a/core/io/file_access_zip.cpp b/core/io/file_access_zip.cpp index 01f9337a80f..5364125abb9 100644 --- a/core/io/file_access_zip.cpp +++ b/core/io/file_access_zip.cpp @@ -303,6 +303,8 @@ uint8_t FileAccessZip::get_8() const { } int FileAccessZip::get_buffer(uint8_t *p_dst, int p_length) const { + ERR_FAIL_COND_V(!p_dst, -1); + ERR_FAIL_COND_V(p_length < 0, -1); ERR_FAIL_COND_V(!zfile, -1); at_eof = unzeof(zfile); if (at_eof) { diff --git a/core/os/file_access.cpp b/core/os/file_access.cpp index 5a3df886197..e3a84732dc9 100644 --- a/core/os/file_access.cpp +++ b/core/os/file_access.cpp @@ -368,6 +368,8 @@ Vector FileAccess::get_csv_line(const String &p_delim) const { } int FileAccess::get_buffer(uint8_t *p_dst, int p_length) const { + ERR_FAIL_COND_V(!p_dst, -1); + ERR_FAIL_COND_V(p_length < 0, -1); int i = 0; for (i = 0; i < p_length && !eof_reached(); i++) { p_dst[i] = get_8(); diff --git a/drivers/unix/file_access_unix.cpp b/drivers/unix/file_access_unix.cpp index 6b24a85ff65..31ec9d4c936 100644 --- a/drivers/unix/file_access_unix.cpp +++ b/drivers/unix/file_access_unix.cpp @@ -240,6 +240,8 @@ uint8_t FileAccessUnix::get_8() const { } int FileAccessUnix::get_buffer(uint8_t *p_dst, int p_length) const { + ERR_FAIL_COND_V(!p_dst, -1); + ERR_FAIL_COND_V(p_length < 0, -1); ERR_FAIL_COND_V_MSG(!f, -1, "File must be opened before use."); int read = fread(p_dst, 1, p_length, f); check_errors(); diff --git a/drivers/windows/file_access_windows.cpp b/drivers/windows/file_access_windows.cpp index 35f61c0623b..17f68ecdac4 100644 --- a/drivers/windows/file_access_windows.cpp +++ b/drivers/windows/file_access_windows.cpp @@ -253,6 +253,8 @@ uint8_t FileAccessWindows::get_8() const { } int FileAccessWindows::get_buffer(uint8_t *p_dst, int p_length) const { + ERR_FAIL_COND_V(!p_dst, -1); + ERR_FAIL_COND_V(p_length < 0, -1); ERR_FAIL_COND_V(!f, -1); if (flags == READ_WRITE || flags == WRITE_READ) { if (prev_op == WRITE) { diff --git a/platform/android/file_access_android.cpp b/platform/android/file_access_android.cpp index 165d5da3ae3..e288c167771 100644 --- a/platform/android/file_access_android.cpp +++ b/platform/android/file_access_android.cpp @@ -114,6 +114,9 @@ uint8_t FileAccessAndroid::get_8() const { } int FileAccessAndroid::get_buffer(uint8_t *p_dst, int p_length) const { + ERR_FAIL_COND_V(!p_dst, -1); + ERR_FAIL_COND_V(p_length < 0, -1); + off_t r = AAsset_read(a, p_dst, p_length); if (pos + p_length > len) {