diff options
author | Marcus Meissner <marcus@jet.franken.de> | 2020-02-01 09:05:01 +0100 |
---|---|---|
committer | Marcus Meissner <marcus@jet.franken.de> | 2020-02-01 09:05:01 +0100 |
commit | ff0fc4325178c5e28f55ad1f7d9fa8f0737dd640 (patch) | |
tree | b901a678671ea8a522c7898531ba010d848445ba | |
parent | df9029c66cc5495c585e920591d4e06bf15f8687 (diff) | |
download | libgphoto2-ff0fc4325178c5e28f55ad1f7d9fa8f0737dd640.tar.gz |
handle size 0 to avoid buffer underread (AFL)
-rw-r--r-- | camlibs/clicksmart310/clicksmart.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/camlibs/clicksmart310/clicksmart.c b/camlibs/clicksmart310/clicksmart.c index a867284c8..634ec3f60 100644 --- a/camlibs/clicksmart310/clicksmart.c +++ b/camlibs/clicksmart310/clicksmart.c @@ -161,6 +161,8 @@ clicksmart_read_pic_data (CameraPrivateLibrary *priv, GPPort *port, size=(priv->catalog[16*n + 12] * 0x100)+(priv->catalog[16*n + 11]); if (size == 0) /* for lo-res photos the above calculation gives 0 */ size = (priv->catalog[16*n + 5] * 0x100); + if (size == 0) /* this means data corruption */ + return GP_ERROR; remainder = size%0x200; |