diff options
author | Max Kellermann <max@duempel.org> | 2009-01-24 19:16:20 +0100 |
---|---|---|
committer | Max Kellermann <max@duempel.org> | 2009-01-24 19:16:20 +0100 |
commit | 4a4c6fb6dcea31c1827a1580f940b589dbf3856f (patch) | |
tree | 13357a6357ff80390aa2d078115f4308f21fd357 | |
parent | b53e80d7857fa079331d35637a5a3fb0b4d4ac3c (diff) | |
download | mpd-4a4c6fb6dcea31c1827a1580f940b589dbf3856f.tar.gz mpd-4a4c6fb6dcea31c1827a1580f940b589dbf3856f.tar.xz mpd-4a4c6fb6dcea31c1827a1580f940b589dbf3856f.zip |
modplug: check size limit before appending new buffer
Don't enlarge the GByteArray when the size limit may overflow in this
operation; check the size limit first.
-rw-r--r-- | src/decoder/modplug_plugin.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/decoder/modplug_plugin.c b/src/decoder/modplug_plugin.c index 33b66aece..9251b4a4c 100644 --- a/src/decoder/modplug_plugin.c +++ b/src/decoder/modplug_plugin.c @@ -57,19 +57,19 @@ static GByteArray *mod_loadfile(struct decoder *decoder, struct input_stream *is data = g_malloc(MODPLUG_READ_BLOCK); do { ret = decoder_read(decoder, is, data, MODPLUG_READ_BLOCK); - if (ret > 0) { - g_byte_array_append(bdatas, data, ret); - } else { + if (ret == 0) { //end of file, or read error break; } - if (bdatas->len > MODPLUG_FILE_LIMIT) { + if (bdatas->len + ret > MODPLUG_FILE_LIMIT) { g_warning("stream too large\n"); g_free(data); g_byte_array_free(bdatas, TRUE); return NULL; } + + g_byte_array_append(bdatas, data, ret); } while (input_stream_eof(is)); g_free(data); |