Skip to content

Commit

Permalink
ape: make sure corruption check does not underflow
Browse files Browse the repository at this point in the history 
See cmus#262
  • Loading branch information
@flyingmutant
flyingmutant committed Apr 27, 2015
1 parent 5b44bb6 commit dc42177
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions ape.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,7 @@ static int read_header(int fd, struct ape_header *h)

if (read_all(fd, buf, sizeof(buf)) != sizeof(buf))
return 0;

return ape_parse_header(buf, h);
}

Expand Down Expand Up @@ -142,12 +143,12 @@ static int ape_parse_one(const char *buf, int size, char **keyp, char **valp)
while (size - pos > 8) {
uint32_t val_len, flags;
char *key, *val;
int max_key_len, key_len;
int64_t max_key_len, key_len;

val_len = read_le32(buf + pos); pos += 4;
flags = read_le32(buf + pos); pos += 4;

max_key_len = size - pos - val_len - 1;
max_key_len = size - pos - (int64_t)val_len - 1;
if (max_key_len < 0) {
/* corrupt */
break;
Expand Down

0 comments on commit dc42177

Please sign in to comment.