From eff4d577df6f93e88b9715f0a83004d1054af365 Mon Sep 17 00:00:00 2001 From: Chad Trabant Date: Wed, 11 Mar 2015 23:46:48 +0000 Subject: [PATCH] Fix infinite loop if blockette chain is corrupt --- ChangeLog | 4 ++++ libmseed.h | 4 ++-- parseutils.c | 10 +++++----- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index cc3ae39..97c1dbc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2015.070: 2.15 + - Fix infinite loop if blockette chain is corrupt. Patch submitted + by Elliott Sales de Andrade. + 2015.062: 2.14 - Fix memory leak when msr_pack() returns after an error. Patch contributed by Larry Baker and Eric Thomas. diff --git a/libmseed.h b/libmseed.h index b28ca52..940328c 100644 --- a/libmseed.h +++ b/libmseed.h @@ -30,8 +30,8 @@ extern "C" { #include "lmplatform.h" -#define LIBMSEED_VERSION "2.14" -#define LIBMSEED_RELEASE "2015.062" +#define LIBMSEED_VERSION "2.15" +#define LIBMSEED_RELEASE "2015.070" #define MINRECLEN 128 /* Minimum Mini-SEED record length, 2^7 bytes */ /* Note: the SEED specification minimum is 256 */ diff --git a/parseutils.c b/parseutils.c index 0284169..d261f0f 100644 --- a/parseutils.c +++ b/parseutils.c @@ -5,7 +5,7 @@ * Written by Chad Trabant * IRIS Data Management Center * - * modified: 2014.248 + * modified: 2015.070 ***************************************************************************/ #include @@ -284,14 +284,14 @@ ms_detect ( const char *record, int recbuflen ) /* Calculate record size in bytes as 2^(blkt_1000->reclen) */ reclen = (unsigned int) 1 << blkt_1000->reclen; - + break; } - /* Saftey check for invalid offset */ - if ( next_blkt != 0 && next_blkt < blkt_offset ) + /* Safety check for invalid offset */ + if ( next_blkt != 0 && ( next_blkt < 4 || (next_blkt - 4) <= blkt_offset ) ) { - ms_log (2, "Invalid blockette offset (%d) less than current offset (%d)\n", + ms_log (2, "Invalid blockette offset (%d) less than or equal to current offset (%d)\n", next_blkt, blkt_offset); return -1; }