summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarcus Meissner <marcus@jet.franken.de>2020-01-26 19:39:21 +0100
committerMarcus Meissner <marcus@jet.franken.de>2020-01-26 19:46:05 +0100
commitcd19a02e300b27db24194ccb82b787545260c4b6 (patch)
tree920327902575ce19a063b12c114c1ded918e9e10
parent634d11318929d6a1d3c297f3e1a149d767fd2c04 (diff)
downloadlibgphoto2-cd19a02e300b27db24194ccb82b787545260c4b6.tar.gz
added more sanity checks to avoid NULL ptr deref (AFL)
Diffstat
-rw-r--r--camlibs/kodak/dc240/library.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/camlibs/kodak/dc240/library.c b/camlibs/kodak/dc240/library.c
index f5d0d644e..a77d0999c 100644
--- a/camlibs/kodak/dc240/library.c
+++ b/camlibs/kodak/dc240/library.c
@@ -465,7 +465,10 @@ static int dc240_get_file_size (Camera *camera, const char *folder, const char *
if (dc240_packet_exchange(camera, f, p1, p2, &size, 256, context) < 0)
size = 0;
else {
- gp_file_get_data_and_size (f, (const char**)&fdata, &fsize);
+ int ret;
+ ret = gp_file_get_data_and_size (f, (const char**)&fdata, &fsize);
+ if (ret < GP_OK) return ret;
+ if (!fdata || (fsize < 4)) return GP_ERROR;
size = (fdata[offset] << 24) |
(fdata[offset+1] << 16) |
(fdata[offset+2] << 8 ) |
@@ -805,7 +808,7 @@ int dc240_file_action (Camera *camera, int action, CameraFile *file,
thumb = 1;
/* no break on purpose */
case DC240_ACTION_IMAGE:
- if ((size = dc240_get_file_size(camera, folder, filename, thumb, context)) < 0) {
+ if ((size = dc240_get_file_size(camera, folder, filename, thumb, context)) < GP_OK) {
retval = GP_ERROR;
break;
}
View Lorry Controller Status