author | Max Kellermann <max@duempel.org> | 2009-07-19 17:37:02 +0200 |
---|---|---|
committer | Max Kellermann <max@duempel.org> | 2009-07-19 17:37:02 +0200 |
commit | e3ff0ab6d1f378aec9b98fe930ca42d1f428409e (patch) | |
tree | f1696cc13684ec9f3ac3ba78a5e5224c6878b4d3 /src | |
parent | a988b9b0259e7d0b1090913087369dd504cd0f45 (diff) | |
tag_ape: removed redundant length check
Extend the tagLen check after reading it. Removed the second
(redundant) check after the subtraction.
Diffstat (limited to 'src')
-rw-r--r-- | src/tag_ape.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/tag_ape.c b/src/tag_ape.c
index 0d504dc7d..ef921141b 100644
--- a/src/tag_ape.c
+++ b/src/tag_ape.c
@@ -22,6 +22,7 @@
 #include <glib.h>
+#include <assert.h>
 #include <stdio.h>
 struct tag *
@@ -86,15 +87,15 @@ tag_ape_load(const char *file)
 /* find beginning of ape tag */
 tagLen = GUINT32_FROM_LE(footer.length);
- if (tagLen < sizeof(footer))
+ if (tagLen <= sizeof(footer) + 10)
 goto fail;
 if (fseek(fp, size - tagLen, SEEK_SET))
 goto fail;
 /* read tag into buffer */
 tagLen -= sizeof(footer);
- if (tagLen <= 0)
- goto fail;
+ assert(tagLen > 10);
+
 buffer = g_malloc(tagLen);
 if (fread(buffer, 1, tagLen, fp) != tagLen)
 goto fail; |
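Review bot: The widened test on `tagLen` in the second hunk still has no upper bound, so the length read from the file's footer reaches `fseek(fp, size - tagLen, SEEK_SET)` and `g_malloc(tagLen)` limited only by its 32-bit range. Unless an earlier part of tag_ape_load, which starts and ends outside this hunk, already compares it with `size`, a truncated or malformed file can make the seek offset negative or request a very large allocation, and g_malloc terminates the process when the request cannot be met. The same test could reject that case, e.g. `if (tagLen <= sizeof(footer) + 10 || tagLen > size) goto fail;`, with a cast as the declared types (not visible here) require. A short comment saying what the constant 10 stands for would also help the next reader check that the new `assert(tagLen > 10);` matches the guard.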