Compare commits

..

2 Commits

Author SHA1 Message Date
BodgeMaster aab91a2523 lib/nbt: Fix NBT::validateRawNBTData() and NBT::validateRawListContents closing #52 and #53 2022-09-11 09:14:32 +02:00
BodgeMaster 58b1199e38 lib/javacompat: Fixed JavaCompat::importJavaString() hanging when trying to import long strings
This was caused by an integer overflow due to using a too small data type in a counter variable.
2022-09-11 09:08:08 +02:00
2 changed files with 24 additions and 19 deletions

View File

@ -38,7 +38,7 @@ namespace JavaCompat {
return ErrorOr<tiny_utf8::string>(true, ErrorCodes::MISMATCHEDSIZE);
}
for(uint8_t i=2; i<size+2; i++){
for(uint16_t i=2; i<size+2; i++){
if(i != 0){
if(data[i] == 0x80 && data[i-1] == 0xc0){
stdString[stdString.length() - 1] = '\0';

View File

@ -595,18 +595,20 @@ namespace NBT {
}
}
bool validateRawList(uint8_t data[], uint64_t dataSize, uint64_t initialPosition, uint64_t* processedDataSize) {
ErrorOr<int32_t> elementCount = helper::containedDataLength(data, dataSize, initialPosition);
bool validateRawListContents(uint8_t data[], uint64_t dataSize, uint64_t initialPosition, uint64_t* processedDataSize) {
// get contained data length by reading it manually because
// the function that does it normally can't deal with
// headerless tags
//
// add one byte to position to skip the type byte
ErrorOr<int32_t> elementCount = helper::readInt32(data, dataSize, initialPosition+1);
if (elementCount.isError) {
return false;
}
// there is no way this is an error bc it gets checked while trying
// to get the element count
int16_t nameSize = helper::readInt16(data, dataSize, initialPosition+1).value;
// type byte + two name size bytes = 3
uint8_t contentType = data[initialPosition + nameSize + 3];
// type byte + two name size bytes + contained type byte + 4 length bytes = 8
*processedDataSize = (uint64_t) nameSize + 8;
uint8_t contentType = data[initialPosition];
// contained type byte + 4 length bytes = 5
*processedDataSize = 5;
switch (contentType) {
case TagType::END:
// everything except content has been touched at this point
@ -656,7 +658,8 @@ namespace NBT {
uint64_t* containedDataSize = new uint64_t;
for (int32_t i=0; i<elementCount.value; i++) {
*containedDataSize = 0;
if (validateRawList(data, dataSize, initialPosition+*processedDataSize, containedDataSize)) {
if (validateRawListContents(data, dataSize, initialPosition+*processedDataSize, containedDataSize)) {
*processedDataSize += *containedDataSize;
} else {
delete containedDataSize;
@ -670,7 +673,7 @@ namespace NBT {
uint64_t* containedDataSize = new uint64_t;
for (int32_t i=0; i<elementCount.value; i++) {
*containedDataSize = 0;
if (validateRawNBTData(data, dataSize, initialPosition, containedDataSize)) {
if (validateRawNBTData(data, dataSize, initialPosition+*processedDataSize, containedDataSize)) {
*processedDataSize += *containedDataSize;
} else {
delete containedDataSize;
@ -743,22 +746,24 @@ namespace NBT {
return false;
}
uint64_t* processedTagSize = new uint64_t;
*processedTagSize = 0;
if (data[currentPosition]==TagType::LIST) {
if (!validateRawList(data, dataSize, currentPosition, processedTagSize)) {
delete processedTagSize;
return false;
}
}
if (data[currentPosition]==TagType::COMPOUND) {
// seek to the start of the compound's contents
// used seek to the start of the list's/compounds contents
//
// there is no way this is an error bc it gets
// checked while trying to parse the string above
int16_t nameSize = helper::readInt16(data, dataSize, currentPosition+1).value;
uint64_t* processedTagSize = new uint64_t;
*processedTagSize = 0;
if (data[currentPosition]==TagType::LIST) {
// type byte + two name size bytes = 3
if (!validateRawListContents(data, dataSize, currentPosition + (uint64_t) nameSize + 3, processedTagSize)) {
delete processedTagSize;
return false;
}
*processedTagSize += (uint64_t) nameSize + 3;
}
if (data[currentPosition]==TagType::COMPOUND) {
// type byte + two name size bytes = 3
if (!validateRawNBTData(data, dataSize, currentPosition + (uint64_t) nameSize + 3, processedTagSize)) {
delete processedTagSize;