author | Nikias Bassen | 2017-02-01 18:50:00 +0100 |
committer | Nikias Bassen | 2017-02-01 18:50:00 +0100 |
commit | e9895752a396c4acb8c2b4ba525c13329d4e9fab (patch) | |
tree | f64ce60a28630090708384d68f95a9d9d3be915d /src | |
parent | cf9836196cbabd6d40e8c1c8018417ef31df5f46 (diff) | |
bplist: Avoid heap buffer allocation when parsing array/dict/string/data node sizes > 14
The sizes were effectively parsed by calling parse_uint_node() which
allocates a node_t (along with plist_data_t) that is immediately freed
after retrieving the integer value it holds.
This commit changes the code to directly operate on the binary stream
to 'just' read the size instead, reducing the memory footprint further.
Diffstat (limited to 'src')
-rw-r--r-- | src/bplist.c | 45 |
1 files changed, 25 insertions, 20 deletions
diff --git a/src/bplist.c b/src/bplist.c
index 64c9081..2e32f70 100644
--- a/src/bplist.c
+++ b/src/bplist.c
@@ -557,11 +557,12 @@ static plist_t parse_bin_node(struct bplist_data *bplist, const char** object)
 case BPLIST_DATA:
 if (BPLIST_FILL == size) {
- plist_t size_node = parse_bin_node(bplist, object);
- if (plist_get_node_type(size_node) != PLIST_UINT)
+ uint8_t next_size = **object & BPLIST_FILL;
+ if ((**object & BPLIST_MASK) != BPLIST_UINT)
 return NULL;
- plist_get_uint_val(size_node, &size);
- plist_free(size_node);
+ (*object)++;
+ size = UINT_TO_HOST(*object, (1 << next_size));
+ (*object) += (1 << next_size);
 }
 if (*object - bplist->data + size >= bplist->size)
@@ -570,11 +571,12 @@ static plist_t parse_bin_node(struct bplist_data *bplist, const char** object)
 case BPLIST_STRING:
 if (BPLIST_FILL == size) {
- plist_t size_node = parse_bin_node(bplist, object);
- if (plist_get_node_type(size_node) != PLIST_UINT)
+ uint8_t next_size = **object & BPLIST_FILL;
+ if ((**object & BPLIST_MASK) != BPLIST_UINT)
 return NULL;
- plist_get_uint_val(size_node, &size);
- plist_free(size_node);
+ (*object)++;
+ size = UINT_TO_HOST(*object, (1 << next_size));
+ (*object) += (1 << next_size);
 }
 if (*object - bplist->data + size >= bplist->size)
@@ -583,11 +585,12 @@ static plist_t parse_bin_node(struct bplist_data *bplist, const char** object)
 case BPLIST_UNICODE:
 if (BPLIST_FILL == size) {
- plist_t size_node = parse_bin_node(bplist, object);
- if (plist_get_node_type(size_node) != PLIST_UINT)
+ uint8_t next_size = **object & BPLIST_FILL;
+ if ((**object & BPLIST_MASK) != BPLIST_UINT)
 return NULL;
- plist_get_uint_val(size_node, &size);
- plist_free(size_node);
+ (*object)++;
+ size = UINT_TO_HOST(*object, (1 << next_size));
+ (*object) += (1 << next_size);
 }
 if (*object - bplist->data + size * 2 >= bplist->size)
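Review bot: The new `size = UINT_TO_HOST(*object, (1 << next_size));` line reads `1 << next_size` bytes from `*object` before anything verifies that those bytes lie inside `bplist->data`/`bplist->size`; the existing `*object - bplist->data + size >= bplist->size` test only runs after the read and after the pointer has been advanced, so a truncated or crafted stream can make the parser read past the end of its buffer. `next_size` is the low nibble of the marker byte and can therefore be anything from 0 to 15, and it is not visible from the hunk whether `UINT_TO_HOST` copes with widths other than 1, 2, 4 and 8 bytes, so values above 3 should be rejected together with the wrong-type case. The old path went through `parse_bin_node` and inherited whatever bounds checking its uint branch performs; the direct read drops that. The same block is repeated verbatim in the BPLIST_STRING, BPLIST_UNICODE, BPLIST_SET/BPLIST_ARRAY and BPLIST_DICT hunks, so the fix applies to all five and a small static helper would let it live in one place. parse_bin_node itself begins and ends outside these hunks.
```c
            if (BPLIST_FILL == size) {
                uint8_t next_size = **object & BPLIST_FILL;
                /* size fields wider than 8 bytes are not meaningful; treat them like a type mismatch */
                if ((**object & BPLIST_MASK) != BPLIST_UINT || next_size > 3)
                    return NULL;
                (*object)++;
                /* the size field itself must fit inside the buffer before it is read */
                if (*object - bplist->data + (1 << next_size) > bplist->size)
                    return NULL;
                size = UINT_TO_HOST(*object, (1 << next_size));
                (*object) += (1 << next_size);
            }
            /* … unchanged: payload bounds check and node construction … */
```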
@@ -597,11 +600,12 @@ static plist_t parse_bin_node(struct bplist_data *bplist, const char** object)
 case BPLIST_SET:
 case BPLIST_ARRAY:
 if (BPLIST_FILL == size) {
- plist_t size_node = parse_bin_node(bplist, object);
- if (plist_get_node_type(size_node) != PLIST_UINT)
+ uint8_t next_size = **object & BPLIST_FILL;
+ if ((**object & BPLIST_MASK) != BPLIST_UINT)
 return NULL;
- plist_get_uint_val(size_node, &size);
- plist_free(size_node);
+ (*object)++;
+ size = UINT_TO_HOST(*object, (1 << next_size));
+ (*object) += (1 << next_size);
 }
 if (*object - bplist->data + size >= bplist->size)
@@ -613,11 +617,12 @@ static plist_t parse_bin_node(struct bplist_data *bplist, const char** object)
 case BPLIST_DICT:
 if (BPLIST_FILL == size) {
- plist_t size_node = parse_bin_node(bplist, object);
- if (plist_get_node_type(size_node) != PLIST_UINT)
+ uint8_t next_size = **object & BPLIST_FILL;
+ if ((**object & BPLIST_MASK) != BPLIST_UINT)
 return NULL;
- plist_get_uint_val(size_node, &size);
- plist_free(size_node);
+ (*object)++;
+ size = UINT_TO_HOST(*object, (1 << next_size));
+ (*object) += (1 << next_size);
 }
 if (*object - bplist->data + size >= bplist->size) |