From 4a4c6fb6dcea31c1827a1580f940b589dbf3856f Mon Sep 17 00:00:00 2001
From: Max Kellermann <max@duempel.org>
Date: Sat, 24 Jan 2009 19:16:20 +0100
Subject: modplug: check size limit before appending new buffer

Don't enlarge the GByteArray when the size limit may overflow in this
operation; check the size limit first.
---
 src/decoder/modplug_plugin.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'src/decoder/modplug_plugin.c')

diff --git a/src/decoder/modplug_plugin.c b/src/decoder/modplug_plugin.c
index 33b66aece..9251b4a4c 100644
--- a/src/decoder/modplug_plugin.c
+++ b/src/decoder/modplug_plugin.c
@@ -57,19 +57,19 @@ static GByteArray *mod_loadfile(struct decoder *decoder, struct input_stream *is
 	data = g_malloc(MODPLUG_READ_BLOCK);
 	do {
 		ret = decoder_read(decoder, is, data, MODPLUG_READ_BLOCK);
-		if (ret > 0) {
-			g_byte_array_append(bdatas, data, ret);
-		} else {
+		if (ret == 0) {
 			//end of file, or read error
 			break;
 		}
 
-		if (bdatas->len > MODPLUG_FILE_LIMIT) {
+		if (bdatas->len + ret > MODPLUG_FILE_LIMIT) {
 			g_warning("stream too large\n");
 			g_free(data);
 			g_byte_array_free(bdatas, TRUE);
 			return NULL;
 		}
+
+		g_byte_array_append(bdatas, data, ret);
 	} while (input_stream_eof(is));
 	g_free(data);
 
-- 
cgit v1.2.3