diff options
author | Marcus Meissner <marcus@jet.franken.de> | 2020-01-26 19:39:21 +0100 |
---|---|---|
committer | Marcus Meissner <marcus@jet.franken.de> | 2020-01-26 19:46:05 +0100 |
commit | cd19a02e300b27db24194ccb82b787545260c4b6 (patch) | |
tree | 920327902575ce19a063b12c114c1ded918e9e10 | |
parent | 634d11318929d6a1d3c297f3e1a149d767fd2c04 (diff) | |
download | libgphoto2-cd19a02e300b27db24194ccb82b787545260c4b6.tar.gz |
added more sanity checks to avoid NULL ptr deref (AFL)
-rw-r--r-- | camlibs/kodak/dc240/library.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/camlibs/kodak/dc240/library.c b/camlibs/kodak/dc240/library.c index f5d0d644e..a77d0999c 100644 --- a/camlibs/kodak/dc240/library.c +++ b/camlibs/kodak/dc240/library.c @@ -465,7 +465,10 @@ static int dc240_get_file_size (Camera *camera, const char *folder, const char * if (dc240_packet_exchange(camera, f, p1, p2, &size, 256, context) < 0) size = 0; else { - gp_file_get_data_and_size (f, (const char**)&fdata, &fsize); + int ret; + ret = gp_file_get_data_and_size (f, (const char**)&fdata, &fsize); + if (ret < GP_OK) return ret; + if (!fdata || (fsize < 4)) return GP_ERROR; size = (fdata[offset] << 24) | (fdata[offset+1] << 16) | (fdata[offset+2] << 8 ) | @@ -805,7 +808,7 @@ int dc240_file_action (Camera *camera, int action, CameraFile *file, thumb = 1; /* no break on purpose */ case DC240_ACTION_IMAGE: - if ((size = dc240_get_file_size(camera, folder, filename, thumb, context)) < 0) { + if ((size = dc240_get_file_size(camera, folder, filename, thumb, context)) < GP_OK) { retval = GP_ERROR; break; } |