diff options
| author | Marcus Meissner <marcus@jet.franken.de> | 2020-01-26 15:18:41 +0100 |
|---|---|---|
| committer | Marcus Meissner <marcus@jet.franken.de> | 2020-01-26 15:18:41 +0100 |
| commit | e896e9fa29dca143fbe2773ab56305ba381ce405 (patch) | |
| tree | 24512380d0f2d4a64740e15189239acc7dabc3e3 | |
| parent | 48587928b550f757a3daa38e2e81e1c1991b95e1 (diff) | |
| download | libgphoto2-e896e9fa29dca143fbe2773ab56305ba381ce405.tar.gz | |
added size checking (AFL)
| -rw-r--r-- | camlibs/kodak/dc240/library.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/camlibs/kodak/dc240/library.c b/camlibs/kodak/dc240/library.c index d9949687b..f5d0d644e 100644 --- a/camlibs/kodak/dc240/library.c +++ b/camlibs/kodak/dc240/library.c @@ -760,6 +760,11 @@ int dc240_get_directory_list (Camera *camera, CameraList *list, const char *fold num_of_entries = be16atoh(&fdata [0]) + 1; total_size = 2 + (num_of_entries * 20); GP_DEBUG ("number of file entries : %d, size = %ld", num_of_entries, fsize); + if (total_size > fsize) { + GP_DEBUG ("total_size %d > fsize %ld", total_size, fsize); + gp_file_free (file); + return GP_ERROR; + } for (x = 2; x < total_size; x += 20) { if ((fdata[x] != '.') && (attrib == (unsigned char)fdata[x+11])) { /* Files have attrib 0x00, Folders have attrib 0x10 */ |