bug fix, avatar item deserialisation unsafely assumes valid image length. caused crash on windows.

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@5194 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
chrisparker126 2012-06-04 12:49:54 +00:00
parent ff6276e920
commit 94729aae4b

View File

@ -1091,9 +1091,14 @@ RsChatAvatarItem::RsChatAvatarItem(void *data,uint32_t /*size*/)
/* get mandatory parts first */
ok &= getRawUInt32(data, rssize, &offset,&image_size);
// ensure invalid image length does not overflow data
if( (offset + image_size) <= rssize){
image_data = new unsigned char[image_size] ;
memcpy(image_data,(void*)((unsigned char*)data+offset),image_size) ;
offset += image_size ;
}else{
ok = false;
}
if (offset != rssize)
std::cerr << "Size error while deserializing." << std::endl ;