diff options
| author | Rémi Verschelde <rverschelde@gmail.com> | 2021-06-07 18:31:50 +0200 |
|---|---|---|
| committer | Rémi Verschelde <rverschelde@gmail.com> | 2021-06-07 18:34:00 +0200 |
| commit | 01d5c463be103a29662d2123cd37ae2f21b077a6 (patch) | |
| tree | aec07e9d23605914d956cdb9b4b08817f0f34e48 | |
| parent | 6f8d5cff66416993856bdb01c83b999b84425fb0 (diff) | |
FileAccess: Don't err in `store_buffer` with buffer of size 0
The error check was added for `FileAccessUnix` but it's not an error when both
`p_src` and `p_length` are zero.
Added correct error checks to all implementations to prevent the actual
erroneous case: `p_src` is nullptr but `p_length > 0` (risk of null pointer
indexing).
Fixes #33564.
| -rw-r--r-- | core/io/file_access_encrypted.cpp | 1 | ||||
| -rw-r--r-- | core/io/file_access_memory.cpp | 1 | ||||
| -rw-r--r-- | core/os/file_access.cpp | 1 | ||||
| -rw-r--r-- | drivers/unix/file_access_unix.cpp | 2 | ||||
| -rw-r--r-- | drivers/windows/file_access_windows.cpp | 1 |
5 files changed, 5 insertions, 1 deletions
diff --git a/core/io/file_access_encrypted.cpp b/core/io/file_access_encrypted.cpp index b9514c8c8b..9e316291e8 100644 --- a/core/io/file_access_encrypted.cpp +++ b/core/io/file_access_encrypted.cpp @@ -257,6 +257,7 @@ Error FileAccessEncrypted::get_error() const { void FileAccessEncrypted::store_buffer(const uint8_t *p_src, uint64_t p_length) { ERR_FAIL_COND_MSG(!writing, "File has not been opened in write mode."); + ERR_FAIL_COND(!p_src && p_length > 0); if (pos < get_length()) { for (uint64_t i = 0; i < p_length; i++) { diff --git a/core/io/file_access_memory.cpp b/core/io/file_access_memory.cpp index 0114ab1765..d9be2a4a75 100644 --- a/core/io/file_access_memory.cpp +++ b/core/io/file_access_memory.cpp @@ -168,6 +168,7 @@ void FileAccessMemory::store_8(uint8_t p_byte) { } void FileAccessMemory::store_buffer(const uint8_t *p_src, uint64_t p_length) { + ERR_FAIL_COND(!p_src && p_length > 0); uint64_t left = length - pos; uint64_t write = MIN(p_length, left); if (write < p_length) { diff --git a/core/os/file_access.cpp b/core/os/file_access.cpp index 3d04e4e619..d21c0bd9a2 100644 --- a/core/os/file_access.cpp +++ b/core/os/file_access.cpp @@ -551,6 +551,7 @@ void FileAccess::store_csv_line(const Vector<String> &p_values, const String &p_ } void FileAccess::store_buffer(const uint8_t *p_src, uint64_t p_length) { + ERR_FAIL_COND(!p_src && p_length > 0); for (uint64_t i = 0; i < p_length; i++) { store_8(p_src[i]); } diff --git a/drivers/unix/file_access_unix.cpp b/drivers/unix/file_access_unix.cpp index ec23df62d0..6ea55219bb 100644 --- a/drivers/unix/file_access_unix.cpp +++ b/drivers/unix/file_access_unix.cpp @@ -264,7 +264,7 @@ void FileAccessUnix::store_8(uint8_t p_dest) { void FileAccessUnix::store_buffer(const uint8_t *p_src, uint64_t p_length) { ERR_FAIL_COND_MSG(!f, "File must be opened before use."); - ERR_FAIL_COND(!p_src); + ERR_FAIL_COND(!p_src && p_length > 0); ERR_FAIL_COND(fwrite(p_src, 1, p_length, f) != p_length); } diff --git a/drivers/windows/file_access_windows.cpp b/drivers/windows/file_access_windows.cpp index 1f46b44f5e..d6deda7b5d 100644 --- a/drivers/windows/file_access_windows.cpp +++ b/drivers/windows/file_access_windows.cpp @@ -294,6 +294,7 @@ void FileAccessWindows::store_8(uint8_t p_dest) { void FileAccessWindows::store_buffer(const uint8_t *p_src, uint64_t p_length) { ERR_FAIL_COND(!f); + ERR_FAIL_COND(!p_src && p_length > 0); if (flags == READ_WRITE || flags == WRITE_READ) { if (prev_op == READ) { if (last_error != ERR_FILE_EOF) { |