From a94e59ca2192a9ba80d5ab1919dc25918ce4163c Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Wed, 24 Dec 2008 17:40:41 +0100 Subject: [PATCH] stored_playlist: fix integer overflow in length estimation With a large maximum playlist length, the integer multiplication "playlist_max_length * MPD_PATH_MAX" may overflow. Change that to a division. This was not a dangerous bug, since it was only used for a quick estimate. --- src/stored_playlist.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/stored_playlist.c b/src/stored_playlist.c index 5c2d46709..78977bf69 100644 --- a/src/stored_playlist.c +++ b/src/stored_playlist.c @@ -338,7 +338,7 @@ spl_append_song(const char *utf8path, struct song *song) return PLAYLIST_RESULT_ERRNO; } - if (st.st_size >= ((MPD_PATH_MAX+1) * (off_t)playlist_max_length)) { + if (st.st_size / (MPD_PATH_MAX + 1) >= (off_t)playlist_max_length) { while (fclose(file) != 0 && errno == EINTR); return PLAYLIST_RESULT_TOO_LARGE; }