aboutsummaryrefslogtreecommitdiffstats
path: root/parse-vtb-ext-block.cpp
diff options
context:
space:
mode:
authorjoevt <joevt@shaw.ca>2021-09-14 05:11:22 -0700
committerHans Verkuil <hverkuil-cisco@xs4all.nl>2021-09-15 10:25:07 +0200
commitd2705adbbbf1e05f2c25cfb4e0698ab1e9de9f89 (patch)
tree23e925c5383b2203cc97738c98b4211f1d92055f /parse-vtb-ext-block.cpp
parente5dafff2ff0a994b670328fc764a47df574547f1 (diff)
edid-decode: add VTB-EXT bounds checking
Add VTB-EXT bounds checking. Signed-off-by: Joe van Tunen <joevt@shaw.ca> Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl> [hverkuil: fix typo: DTB -> DTD]
Diffstat (limited to 'parse-vtb-ext-block.cpp')
-rw-r--r--parse-vtb-ext-block.cpp22
1 files changed, 19 insertions, 3 deletions
diff --git a/parse-vtb-ext-block.cpp b/parse-vtb-ext-block.cpp
index 05d54f4..7af19c4 100644
--- a/parse-vtb-ext-block.cpp
+++ b/parse-vtb-ext-block.cpp
@@ -17,16 +17,27 @@ void edid_state::parse_vtb_ext_block(const unsigned char *x)
unsigned num_cvt = x[3];
unsigned num_st = x[4];
+ const unsigned char *y = x + 0x7f;
x += 5;
if (num_dtd) {
printf(" Detailed Timing Descriptors:\n");
- for (unsigned i = 0; i < num_dtd; i++, x += 18)
+ for (unsigned i = 0; i < num_dtd; i++, x += 18) {
+ if (x + 18 > y) {
+ fail("Not enough bytes remain for more DTDs in the VTB-EXT.\n");
+ return;
+ }
detailed_timings(" ", x, false);
+ }
}
if (num_cvt) {
printf(" Coordinated Video Timings:\n");
- for (unsigned i = 0; i < num_cvt; i++, x += 3)
+ for (unsigned i = 0; i < num_cvt; i++, x += 3) {
+ if (x + 3 > y) {
+ fail("Not enough bytes remain for more CVTs in the VTB-EXT.\n");
+ return;
+ }
detailed_cvt_descriptor(" ", x, false);
+ }
}
if (num_st) {
// Note: the VTB-EXT standard has a mistake in the example EDID
@@ -36,7 +47,12 @@ void edid_state::parse_vtb_ext_block(const unsigned char *x)
//
// The documentation itself is correct, though.
printf(" Standard Timings:\n");
- for (unsigned i = 0; i < num_st; i++, x += 2)
+ for (unsigned i = 0; i < num_st; i++, x += 2) {
+ if (x + 2 > y) {
+ fail("Not enough bytes remain for more STs in the VTB-EXT.\n");
+ return;
+ }
print_standard_timing(" ", x[0], x[1], true);
+ }
}
}

Privacy Policy