back port overflow checking from master

2017-10-01 19:21:30 +02:00 · 2017-10-01 19:21:30 +02:00 · 5f3661aaa2
parent 3255375095
commit 5f3661aaa2
4 changed files with 38 additions and 4 deletions
--- a/3
+++ b/3
@ -387,9 +387,8 @@ rule tag ( name : type  ? : property-set )
 feature ipv6 : on off : composite propagated link-incompatible ;
 feature.compose <ipv6>off : <define>TORRENT_USE_IPV6=0 ;

-feature sanitize : off address bounds undefined thread rtc : composite propagated link-incompatible ;
+feature sanitize : off address undefined thread rtc : composite propagated link-incompatible ;
 # sanitize is a clang and GCC feature
-feature.compose <sanitize>bounds : <cflags>-fsanitize=bounds <cflags>-fsanitize-undefined-trap-on-error <linkflags>-fsanitize=bounds <linkflags>-fsanitize-undefined-trap-on-error ;
 feature.compose <sanitize>undefined : <cflags>-fsanitize=undefined <linkflags>-fsanitize=undefined ;
 feature.compose <sanitize>thread : <cflags>-fsanitize=thread <linkflags>-fsanitize=thread ;
 feature.compose <sanitize>address : <cflags>-fsanitize=address <linkflags>-fsanitize=address ;
--- a/include/libtorrent/config.hpp
+++ b/include/libtorrent/config.hpp
@ -728,6 +728,9 @@ int snprintf(char* buf, int len, char const* fmt, ...)

 #endif // TORRENT_HAS_SSE

+namespace libtorrent {}
+
+namespace lt = libtorrent;

 #endif // TORRENT_CONFIG_HPP_INCLUDED

--- a/src/assert.cpp
+++ b/src/assert.cpp
@ -354,7 +354,7 @@ TORRENT_EXPORT void assert_fail(char const* expr, int line
 #ifndef TORRENT_PRODUCTION_ASSERTS
 	// send SIGINT to the current process
 	// to break into the debugger
-	raise(SIGINT);
+	raise(SIGABRT);
 	abort();
 #endif
 }
--- a/src/torrent_info.cpp
+++ b/src/torrent_info.cpp
@ -1178,12 +1178,35 @@ namespace libtorrent
 			}
 			m_multifile = true;
 		}
-		TORRENT_ASSERT(!files.name().empty());
+		if (files.num_files() == 0)
+		{
+			ec = errors::no_files_in_torrent;
+			// mark the torrent as invalid
+			m_files.set_piece_length(0);
+			return false;
+		}
+		if (files.name().empty())
+		{
+			ec = errors::torrent_missing_name;
+			// mark the torrent as invalid
+			m_files.set_piece_length(0);
+			return false;
+		}

 		// extract SHA-1 hashes for all pieces
 		// we want this division to round upwards, that's why we have the
 		// extra addition

+		if (files.total_size() >=
+			static_cast<boost::int64_t>(std::numeric_limits<int>::max()
+			- files.piece_length()) * files.piece_length())
+		{
+			ec = errors::too_many_pieces_in_torrent;
+			// mark the torrent as invalid
+			m_files.set_piece_length(0);
+			return false;
+		}
+
 		files.set_num_pieces(int((files.total_size() + files.piece_length() - 1)
 			/ files.piece_length()));

@ -1197,6 +1220,15 @@ namespace libtorrent
 			return false;
 		}

+		// we expect the piece hashes to be < 2 GB in size
+		if (files.num_pieces() >= std::numeric_limits<int>::max() / 20)
+		{
+			ec = errors::too_many_pieces_in_torrent;
+			// mark the torrent as invalid
+			m_files.set_piece_length(0);
+			return false;
+		}
+
 		if (pieces)
 		{
 			if (pieces.string_length() != files.num_pieces() * 20)