COM-18: Broken Check due to Integer Truncation in CpEpEngine::get_crashdump_log
authorMarkus Schaber <markus@pep-security.net>
Sat, 05 Nov 2016 10:44:52 +0100
changeset 1942ed82f56ffcf
parent 193 896f1ea47f31
child 195 248f4d7b97a7
COM-18: Broken Check due to Integer Truncation in CpEpEngine::get_crashdump_log
CpEpEngine.cpp
     1.1 --- a/CpEpEngine.cpp	Sat Nov 05 10:22:14 2016 +0100
     1.2 +++ b/CpEpEngine.cpp	Sat Nov 05 10:44:52 2016 +0100
     1.3 @@ -230,10 +230,14 @@
     1.4  
     1.5  STDMETHODIMP CpEpEngine::GetCrashdumpLog(LONG maxlines, BSTR * log)
     1.6  {
     1.7 -	assert(maxlines >= 0);
     1.8 +	// COM-18: Currently, long == int on windows, so the check
     1.9 +	// for INT_MAX is not strictly necessary. However, the code
    1.10 +	// might get copy-pasted to other adapters in the future,
    1.11 +	// so safety first...
    1.12 +	assert(maxlines >= 0 && maxlines <= INT_MAX);
    1.13  	assert(log);
    1.14  
    1.15 -	if (!(maxlines >= 0 && log))
    1.16 +	if (!(maxlines >= 0 && maxlines <= INT_MAX && log))
    1.17  		return E_INVALIDARG;
    1.18  
    1.19  	char *_log;