fz0x1/Picocrypt
1
0
Fork 0
mirror of https://github.com/Picocrypt/Picocrypt.git synced 2025-05-12 21:58:31 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Validate comments length before parsing

Browse source
This commit is contained in:
Evan Su 2024-09-02 23:23:38 -04:00
parent 21ab20773d
commit b3f36a3994
1 changed files with 8 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/Picocrypt.go
View file

@ -2,7 +2,7 @@ package main
/* /*
Picocrypt v1.40 Picocrypt v1.42
Copyright (c) Evan Su Copyright (c) Evan Su
Released under a GNU GPL v3 License Released under a GNU GPL v3 License
https://github.com/Picocrypt/Picocrypt https://github.com/Picocrypt/Picocrypt
@ -59,7 +59,7 @@ var TRANSPARENT = color.RGBA{0x00, 0x00, 0x00, 0x00}
// Generic variables // Generic variables
var window *giu.MasterWindow var window *giu.MasterWindow
var version = "v1.40" var version = "v1.42"
var dpi float32 var dpi float32
var mode string var mode string
var working bool var working bool
@ -1388,6 +1388,12 @@ func work() {
tmp := make([]byte, 15) tmp := make([]byte, 15)
fin.Read(tmp) fin.Read(tmp)
tmp, errs[1] = rsDecode(rs5, tmp) tmp, errs[1] = rsDecode(rs5, tmp)
if valid, err := regexp.Match(`^\d{5}$`, tmp); !valid || err != nil {
broken(fin, nil, "Unable to read comments length", true)
return
}
commentsLength, _ := strconv.Atoi(string(tmp)) commentsLength, _ := strconv.Atoi(string(tmp))
fin.Read(make([]byte, commentsLength*3)) fin.Read(make([]byte, commentsLength*3))
total -= int64(commentsLength) * 3 total -= int64(commentsLength) * 3