Skip to content

M
mpd
Commit 4a4c6fb6 authored by Max Kellermann's avatar Max Kellermann
Browse files
Options

modplug: check size limit before appending new buffer

Don't enlarge the GByteArray when the size limit may overflow in this operation; check the size limit first.
parent b53e80d7
Hide whitespace changes
Inline Side-by-side
Showing with 4 additions and 4 deletions
src/decoder/modplug_plugin.c
View file @ 4a4c6fb6
...@@ -57,19 +57,19 @@ static GByteArray *mod_loadfile(struct decoder *decoder, struct input_stream *is ...@@ -57,19 +57,19 @@ static GByteArray *mod_loadfile(struct decoder *decoder, struct input_stream *is
data = g_malloc(MODPLUG_READ_BLOCK); data = g_malloc(MODPLUG_READ_BLOCK);
do { do {
ret = decoder_read(decoder, is, data, MODPLUG_READ_BLOCK); ret = decoder_read(decoder, is, data, MODPLUG_READ_BLOCK);
if (ret > 0) { if (ret == 0) {
g_byte_array_append(bdatas, data, ret);
} else {
//end of file, or read error //end of file, or read error
break; break;
} }
if (bdatas->len > MODPLUG_FILE_LIMIT) { if (bdatas->len + ret > MODPLUG_FILE_LIMIT) {
g_warning("stream too large\n"); g_warning("stream too large\n");
g_free(data); g_free(data);
g_byte_array_free(bdatas, TRUE); g_byte_array_free(bdatas, TRUE);
return NULL; return NULL;
} }
g_byte_array_append(bdatas, data, ret);
} while (input_stream_eof(is)); } while (input_stream_eof(is));
g_free(data); g_free(data);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment