From 50c51c9a9198931777e5cc6d0f7a4e906db59007 Mon Sep 17 00:00:00 2001
From: Sean Stangl
Date: Wed, 9 Apr 2014 15:47:23 -0700
Subject: [PATCH] Fix buffer overrun in EDFParser.

Signed-off-by: Mark Watkins
---
 .../SleepLib/loader_plugins/resmed_loader.cpp | 20 ++++++++++---------
 .../SleepLib/loader_plugins/resmed_loader.h | 4 ++--
 2 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/sleepyhead/SleepLib/loader_plugins/resmed_loader.cpp b/sleepyhead/SleepLib/loader_plugins/resmed_loader.cpp
index 50025cb9..10a44dc0 100644
--- a/sleepyhead/SleepLib/loader_plugins/resmed_loader.cpp
+++ b/sleepyhead/SleepLib/loader_plugins/resmed_loader.cpp
@@ -80,19 +80,21 @@ EDFParser::~EDFParser()
 }
 qint16 EDFParser::Read16()
 {
- unsigned char *buf=(unsigned char *)buffer;
- if (pos>=filesize) return 0;
- qint16 res=*(qint16 *)&buf[pos];
- //qint16 res=(buf[pos] ^128)<< 8 | buf[pos+1] ^ 128;
- pos+=2;
+ if ((pos + sizeof(qint16)) > filesize)
+ return 0;
+
+ qint16 res = *(qint16 *)&buffer[pos];
+ pos += sizeof(qint16);
 return res;
 }
-QString EDFParser::Read(int si)
+QString EDFParser::Read(unsigned n)
 {
+ if ((pos + n) > filesize)
+ return "";
+
 QString str;
- if (pos>=filesize) return "";
- for (int i=0;i