kopia lustrzana https://github.com/micropython/micropython
py/stream: Check for stream read function returning too many bytes.
This only happens if the underlying stream implementation is malformed, but results in unsigned integer overflow and out of bounds read otherwise.

Second fix for #13046 - allows for the possibility that an invalid result comes back from a different stream implementation.

This work was funded through GitHub Sponsors.

Signed-off-by: Angus Gratton <angus@redyak.com.au>
pull/13572/head
rodzic
d02cd5c0ad
commit
d278b460f3
|
@ -64,6 +64,11 @@ mp_uint_t mp_stream_rw(mp_obj_t stream, void *buf_, mp_uint_t size, int *errcode
|
||||||
if (out_sz == 0) {
|
if (out_sz == 0) {
|
||||||
return done;
|
return done;
|
||||||
}
|
}
|
||||||
|
if (out_sz != MP_STREAM_ERROR && out_sz > size) {
|
||||||
|
// This can only happen if the filesystem implementation returned invalid out_sz
|
||||||
|
*errcode = MP_EINVAL;
|
||||||
|
out_sz = MP_STREAM_ERROR;
|
||||||
|
}
|
||||||
if (out_sz == MP_STREAM_ERROR) {
|
if (out_sz == MP_STREAM_ERROR) {
|
||||||
// If we read something before getting EAGAIN, don't leak it
|
// If we read something before getting EAGAIN, don't leak it
|
||||||
if (mp_is_nonblocking_error(*errcode) && done != 0) {
|
if (mp_is_nonblocking_error(*errcode) && done != 0) {
|
||||||
|
|
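Review bot: The comment on the new `out_sz > size` check blames a "filesystem implementation", but this is mp_stream_rw and the commit description speaks of any stream implementation, so the wording will mislead someone debugging an MP_EINVAL from a non-filesystem stream. I would word it as `// Only reachable if the underlying stream implementation returned out_sz larger than the requested size` and add the reason from the description, `// reject it so the size arithmetic below cannot wrap and read out of bounds`. The check protects what this function does after the call; it cannot tell whether the callee already wrote past buf_ when it reported too many bytes, which is worth stating in the same comment. mp_stream_rw's body starts and continues outside the hunk, so how the EINVAL is surfaced when done != 0 is not visible here.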