Menu
▾
▴
#344 ZBarcode_Encode crashes if passed too much data
The ZBarcode_Encode function allocates a buffer on the stack for the input data.
If passed a huge block of data to encode, this can cause a stack overflow.
Could there be a check for in_length variable to have a reasonable upper limit?
Does someone know the maxium number of bytes fitting into all supported barcodes?
I'd assume since QR-Code has a limit of 7,089 digits, we could just add a check and report an error if e.g. in_length is too big.
e.g.
if (in_length > 10000)
{
strcpy(symbol->errtxt, "205: No input data too big");
error_tag(symbol->errtxt, ZINT_ERROR_INVALID_DATA);
return ZINT_ERROR_INVALID_DATA;
}
Version was Zint 2.9.2
Hi Christian, on what system are you getting a stack overflow, and in which function?
Currently zint checks that input data length < 17400 (ZINT_MAX_DATA_LEN in "backend/zint.h"), which as the comment says is the maximum capacity of Han Xin, the most capacious barcode supported by zint.
zint makes extensive use of
alloca()(calledz_alloca()internally). This use could be lessened at the cost of speed and ease of internal error handling by usingmalloc()instead, although that obviously transfers the issue to the size of heap available.Regards, Martin
We got a crash report with ZBarcode_Encode crashing with a stack overflow.
Maybe you fixed it already in a newer version, but I would recommend to check against ZINT_MAX_DATA_LEN. I added such a check to the function for our copy of the source code.
There is no reason why it should accept 2 MB.
Oh ok, missed the version comment. The check was introduced in version 2.11.0. Is there some reason you're using such an old version?
Sorry, we'll update.
Cool Christian, thanks for taking the time to raise the issue anyway, closing now...