aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorMax Kellermann <max@duempel.org>2009-07-19 17:37:02 +0200
committerMax Kellermann <max@duempel.org>2009-07-19 17:37:02 +0200
commite3ff0ab6d1f378aec9b98fe930ca42d1f428409e (patch)
treef1696cc13684ec9f3ac3ba78a5e5224c6878b4d3 /src
parenta988b9b0259e7d0b1090913087369dd504cd0f45 (diff)
downloadmpd-e3ff0ab6d1f378aec9b98fe930ca42d1f428409e.tar.gz
mpd-e3ff0ab6d1f378aec9b98fe930ca42d1f428409e.tar.xz
mpd-e3ff0ab6d1f378aec9b98fe930ca42d1f428409e.zip
tag_ape: removed redundant length check
Extend the tagLen check after reading it. Removed the second (redundant) check after the subtraction.
Diffstat (limited to 'src')
-rw-r--r--src/tag_ape.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/src/tag_ape.c b/src/tag_ape.c
index 0d504dc7d..ef921141b 100644
--- a/src/tag_ape.c
+++ b/src/tag_ape.c
@@ -22,6 +22,7 @@
#include <glib.h>
+#include <assert.h>
#include <stdio.h>
struct tag *
@@ -86,15 +87,15 @@ tag_ape_load(const char *file)
/* find beginning of ape tag */
tagLen = GUINT32_FROM_LE(footer.length);
- if (tagLen < sizeof(footer))
+ if (tagLen <= sizeof(footer) + 10)
goto fail;
if (fseek(fp, size - tagLen, SEEK_SET))
goto fail;
/* read tag into buffer */
tagLen -= sizeof(footer);
- if (tagLen <= 0)
- goto fail;
+ assert(tagLen > 10);
+
buffer = g_malloc(tagLen);
if (fread(buffer, 1, tagLen, fp) != tagLen)
goto fail;