aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMax Kellermann <max@duempel.org>2009-01-24 19:16:20 +0100
committerMax Kellermann <max@duempel.org>2009-01-24 19:16:20 +0100
commit4a4c6fb6dcea31c1827a1580f940b589dbf3856f (patch)
tree13357a6357ff80390aa2d078115f4308f21fd357
parentb53e80d7857fa079331d35637a5a3fb0b4d4ac3c (diff)
downloadmpd-4a4c6fb6dcea31c1827a1580f940b589dbf3856f.tar.gz
mpd-4a4c6fb6dcea31c1827a1580f940b589dbf3856f.tar.xz
mpd-4a4c6fb6dcea31c1827a1580f940b589dbf3856f.zip
modplug: check size limit before appending new buffer
Don't enlarge the GByteArray when the size limit may overflow in this operation; check the size limit first.
-rw-r--r--src/decoder/modplug_plugin.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/decoder/modplug_plugin.c b/src/decoder/modplug_plugin.c
index 33b66aece..9251b4a4c 100644
--- a/src/decoder/modplug_plugin.c
+++ b/src/decoder/modplug_plugin.c
@@ -57,19 +57,19 @@ static GByteArray *mod_loadfile(struct decoder *decoder, struct input_stream *is
data = g_malloc(MODPLUG_READ_BLOCK);
do {
ret = decoder_read(decoder, is, data, MODPLUG_READ_BLOCK);
- if (ret > 0) {
- g_byte_array_append(bdatas, data, ret);
- } else {
+ if (ret == 0) {
//end of file, or read error
break;
}
- if (bdatas->len > MODPLUG_FILE_LIMIT) {
+ if (bdatas->len + ret > MODPLUG_FILE_LIMIT) {
g_warning("stream too large\n");
g_free(data);
g_byte_array_free(bdatas, TRUE);
return NULL;
}
+
+ g_byte_array_append(bdatas, data, ret);
} while (input_stream_eof(is));
g_free(data);