diff options
| author | Thomas Martitz <kugel@rockbox.org> | 2014-01-11 18:24:48 +0100 |
|---|---|---|
| committer | Thomas Martitz <kugel@rockbox.org> | 2014-01-11 18:24:48 +0100 |
| commit | 2a471c9e84ddc4f6f407d4fe3ad2a21a1d0e3723 (patch) | |
| tree | 63f3e353b1ce425b5348a63c671728449c58e652 | |
| parent | fe08ac4c2fc2c8c0177ddd6545e3c6a69d07b5db (diff) | |
| download | rockbox-2a471c9e84ddc4f6f407d4fe3ad2a21a1d0e3723.zip rockbox-2a471c9e84ddc4f6f407d4fe3ad2a21a1d0e3723.tar.gz rockbox-2a471c9e84ddc4f6f407d4fe3ad2a21a1d0e3723.tar.bz2 rockbox-2a471c9e84ddc4f6f407d4fe3ad2a21a1d0e3723.tar.xz | |
cuesheet: Fix another possible buffer overflow with long filenames.
Change-Id: I9d8fa8fcb0a872f688664c53881fde93f2de9436
| -rw-r--r-- | apps/cuesheet.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/apps/cuesheet.c b/apps/cuesheet.c index 0ba7176..73dd19f 100644 --- a/apps/cuesheet.c +++ b/apps/cuesheet.c @@ -73,11 +73,13 @@ bool look_for_cuesheet_file(struct mp3entry *track_id3, struct cuesheet_file *cu if (!dot || !file_exists(cuepath)) { strcpy(cuepath, CUE_DIR); - strlcat(cuepath, slash, MAX_PATH); + if (strlcat(cuepath, slash, MAX_PATH) >= MAX_PATH) + goto skip; /* overflow */ char *dot = strrchr(cuepath, '.'); strcpy(dot, ".cue"); if (!file_exists(cuepath)) { +skip: if ((len+4) >= MAX_PATH) return false; strlcpy(cuepath, track_id3->path, MAX_PATH); |