From 0a119d50a1af2752a8ce7263a9177cfbf40e13a0 Mon Sep 17 00:00:00 2001
From: Dominik Loidolt <dominik.loidolt@univie.ac.at>
Date: Sun, 26 Jan 2025 20:40:38 +0100
Subject: [PATCH] cmp_tool: Add samples and buffer length parameter check

- Added validation for the samples and buffer length parameter to prevent excessive memory allocation.
---
 programs/cmp_tool.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/programs/cmp_tool.c b/programs/cmp_tool.c
index 20e2fb9..dc3645f 100644
--- a/programs/cmp_tool.c
+++ b/programs/cmp_tool.c
@@ -45,6 +45,7 @@
 
 #define DEFAULT_MODEL_ID 53264  /* random default id */
 
+
 /**
  * @brief checks if an optional argument is present
  *
@@ -429,6 +430,11 @@ int CMP_MAIN(int argc, char **argv)
 			input_size = (uint32_t)size;
 		}
 
+		if (input_size > CMP_ENTITY_MAX_ORIGINAL_SIZE) {
+			fprintf(stderr, "%s: Error input data size is to large; maximum original data size: %lu\n", PROGRAM_NAME, CMP_ENTITY_MAX_ORIGINAL_SIZE);
+			goto fail;
+		}
+
 		rcfg.input_buf = malloc(input_size);
 		if (!rcfg.input_buf) {
 			fprintf(stderr, "%s: Error allocating memory for input data buffer.\n", PROGRAM_NAME);
@@ -852,7 +858,13 @@ static int compression_for_rdcu(struct rdcu_cfg *rcfg)
 	}
 
 	printf("Compress data ... ");
+
 	out_buf_size = rcfg->buffer_length * sizeof(uint16_t);
+	if (out_buf_size > CMP_ENTITY_MAX_SIZE * BUFFER_LENGTH_DEF_FAKTOR) {
+		fprintf(stderr, "%s: Error buffer_length parameter to large.\n", PROGRAM_NAME);
+		goto error_cleanup;
+	}
+
 	cmp_entity = calloc(1, out_buf_size + sizeof(struct cmp_entity));
 	if (cmp_entity == NULL) {
 		fprintf(stderr, "%s: Error allocating memory for output buffer.\n", PROGRAM_NAME);
-- 
GitLab