diff options
| author | Marcus Meissner <meissner@suse.de> | 2020-02-13 14:23:51 +0100 |
|---|---|---|
| committer | Marcus Meissner <meissner@suse.de> | 2020-02-13 14:23:51 +0100 |
| commit | 5581a92d48206f832e3eea23e5759ffb524a825c (patch) | |
| tree | 1e2a52bd1a703eb248c1679ace1bdefbe5b38fc6 | |
| parent | 8b22f8f5242ee38ea9450e2a76a81ca94b573365 (diff) | |
| download | libgphoto2-5581a92d48206f832e3eea23e5759ffb524a825c.tar.gz | |
check for filesize to avoid overread (AFL)
| -rw-r--r-- | camlibs/gsmart300/gsmart300.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/camlibs/gsmart300/gsmart300.c b/camlibs/gsmart300/gsmart300.c index c3709a31e..590262605 100644 --- a/camlibs/gsmart300/gsmart300.c +++ b/camlibs/gsmart300/gsmart300.c @@ -146,6 +146,11 @@ gsmart300_request_file (CameraPrivateLibrary * lib, CameraFile *file, file_size = data_size + GSMART_JPG_DEFAULT_HEADER_LENGTH + 1024 * 10; + if (flash_size < data_size) { + GP_DEBUG("flash_size %d is smaller than data_size %d\n", flash_size, data_size); + return GP_ERROR_CORRUPTED_DATA; + } + /* slurp in the image */ mybuf = malloc (flash_size); if (!mybuf) |