Another attempt to fix SEGV in FitRideFile

.. when the file is zero length or the header is truncated.
2026-02-13 16:18:42 +00:00 · 2014-02-02 20:06:40 +00:00
parent f07089b209
commit 4e24fcaa21
1 changed files with 41 additions and 31 deletions
--- a/src/FitRideFile.cpp
+++ b/src/FitRideFile.cpp
@@ -690,39 +690,49 @@ struct FitFileReaderState
            delete rideFile;
            return NULL;
        }
-        int header_size = read_uint8();
-        if (header_size != 12 && header_size != 14) {
-            errors << QString("bad header size: %1").arg(header_size);
-            file.close();
-            delete rideFile;
+
+        int data_size = 0;
+        try {
+
+            // read the header
+            int header_size = read_uint8();
+            if (header_size != 12 && header_size != 14) {
+                errors << QString("bad header size: %1").arg(header_size);
+                file.close();
+                delete rideFile;
+                return NULL;
+            }
+            int protocol_version = read_uint8();
+            (void) protocol_version;
+
+            // if the header size is 14 we have profile minor then profile major
+            // version. We still don't do anything with this information
+            int profile_version = read_uint16(false); // always littleEndian
+            (void) profile_version; // not sure what to do with this
+
+            data_size = read_uint32(false); // always littleEndian
+            char fit_str[5];
+            if (file.read(fit_str, 4) != 4) {
+                errors << "truncated header";
+                file.close();
+                delete rideFile;
+                return NULL;
+            }
+            fit_str[4] = '\0';
+            if (strcmp(fit_str, ".FIT") != 0) {
+                errors << QString("bad header, expected \".FIT\" but got \"%1\"").arg(fit_str);
+                file.close();
+                delete rideFile;
+                return NULL;
+            }
+
+            // read the rest of the header
+            if (header_size == 14) read_uint16(false);
+
+        } catch (TruncatedRead &e) {
+            errors << "truncated file body";
            return NULL;
        }
-        int protocol_version = read_uint8();
-        (void) protocol_version;
-
-        // if the header size is 14 we have profile minor then profile major
-        // version. We still don't do anything with this information
-        int profile_version = read_uint16(false); // always littleEndian
-        (void) profile_version; // not sure what to do with this
-
-        int data_size = read_uint32(false); // always littleEndian
-        char fit_str[5];
-        if (file.read(fit_str, 4) != 4) {
-            errors << "truncated header";
-            file.close();
-            delete rideFile;
-            return NULL;
-        }
-        fit_str[4] = '\0';
-        if (strcmp(fit_str, ".FIT") != 0) {
-            errors << QString("bad header, expected \".FIT\" but got \"%1\"").arg(fit_str);
-            file.close();
-            delete rideFile;
-            return NULL;
-        }
-
-        // read the rest of the header
-        if (header_size == 14) read_uint16(false);

        int bytes_read = 0;
        bool stop = false;