Merge pull request #166 from hoene/issue-163

Issue 163 Heap overflow

CMakeLists.txt

@@ -83,7 +83,8 @@ if(BUILD_TESTS)
     136
     137
     138
-    156)
+    156
+    163)
     # issues with osx    96)
     add_test(fail-issue-${ISSUE} ${PROJECT_SOURCE_DIR}/tests/notcrashed.sh
              ${PROJECT_SOURCE_DIR}/tests/fail-issue-${ISSUE})

src/hdf/dataobject.c

@@ -500,14 +500,17 @@ static int readOHDRHeaderMessageDataLayout(struct READER *reader,
       store = ftell(reader->fhd);
       if (fseek(reader->fhd, data_address, SEEK_SET) < 0)
         return errno; // LCOV_EXCL_LINE
-      if (!data->data) {
-        if (data_size > 0x10000000)
-          return MYSOFA_INVALID_FORMAT;
-        data->data_len = data_size;
-        data->data = calloc(1, data_size);
-        if (!data->data)
-          return MYSOFA_NO_MEMORY; // LCOV_EXCL_LINE
+      if (data->data) {
+        free(data->data);
+        data->data = NULL;
       }
+      if (data_size > 0x10000000)
+        return MYSOFA_INVALID_FORMAT;
+      data->data_len = data_size;
+      data->data = calloc(1, data_size);
+      if (!data->data)
+        return MYSOFA_NO_MEMORY; // LCOV_EXCL_LINE
+
       err = fread(data->data, 1, data_size, reader->fhd);
       if (err != data_size)
         return MYSOFA_READ_ERROR; // LCOV_EXCL_LINE

tests/notcrashed.sh

@@ -1,12 +1,10 @@
 #!/bin/sh
-
+test -f "$1".sofa || exit 128
 ../build/src/mysofa2json "$1".sofa >/dev/null 2>/dev/null 
 ret=$?
 if [ "$ret" -ge 128 ]; then
-   if [ "$ret" -ge 128 ]; then
 	    echo mysofa2json crashed with $ret opening$1.sofa
             exit $ret
-   fi
 fi
 echo good
 exit 0