tag_ape: removed redundant length check
Extend the tagLen check after reading it. Removed the second (redundant) check after the subtraction.
This commit is contained in:
parent
a988b9b025
commit
e3ff0ab6d1
@ -22,6 +22,7 @@
|
|||||||
|
|
||||||
#include <glib.h>
|
#include <glib.h>
|
||||||
|
|
||||||
|
#include <assert.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
|
||||||
struct tag *
|
struct tag *
|
||||||
@ -86,15 +87,15 @@ tag_ape_load(const char *file)
|
|||||||
|
|
||||||
/* find beginning of ape tag */
|
/* find beginning of ape tag */
|
||||||
tagLen = GUINT32_FROM_LE(footer.length);
|
tagLen = GUINT32_FROM_LE(footer.length);
|
||||||
if (tagLen < sizeof(footer))
|
if (tagLen <= sizeof(footer) + 10)
|
||||||
goto fail;
|
goto fail;
|
||||||
if (fseek(fp, size - tagLen, SEEK_SET))
|
if (fseek(fp, size - tagLen, SEEK_SET))
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
/* read tag into buffer */
|
/* read tag into buffer */
|
||||||
tagLen -= sizeof(footer);
|
tagLen -= sizeof(footer);
|
||||||
if (tagLen <= 0)
|
assert(tagLen > 10);
|
||||||
goto fail;
|
|
||||||
buffer = g_malloc(tagLen);
|
buffer = g_malloc(tagLen);
|
||||||
if (fread(buffer, 1, tagLen, fp) != tagLen)
|
if (fread(buffer, 1, tagLen, fp) != tagLen)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
Loading…
Reference in New Issue
Block a user