diff options
| author | Magnus Holmgren <magnushol@gmail.com> | 2008-02-06 19:51:19 +0000 |
|---|---|---|
| committer | Magnus Holmgren <magnushol@gmail.com> | 2008-02-06 19:51:19 +0000 |
| commit | 2235081dbc2c0820c09b84613d81174f98ad8382 (patch) | |
| tree | a6e05aa766fbaf967892a56d78ba1d6fce0b585a | |
| parent | 8a7e626ec2f8cda5da8d66df9b92746c7a51d72e (diff) | |
| download | rockbox-2235081dbc2c0820c09b84613d81174f98ad8382.tar.gz rockbox-2235081dbc2c0820c09b84613d81174f98ad8382.zip | |
Prevent possible buffer overflow when locating album art.
git-svn-id: svn://svn.rockbox.org/rockbox/trunk@16231 a1c6a512-1295-4272-9138-f99709370657
| -rw-r--r-- | apps/misc.c | 26 | ||||
| -rw-r--r-- | apps/misc.h | 2 | ||||
| -rw-r--r-- | apps/recorder/albumart.c | 2 | ||||
| -rw-r--r-- | apps/tree.c | 2 |
4 files changed, 23 insertions, 9 deletions
diff --git a/apps/misc.c b/apps/misc.c index a85169598f..8fe8791677 100644 --- a/apps/misc.c +++ b/apps/misc.c @@ -1125,17 +1125,31 @@ bool dir_exists(const char *path) * removes the extension of filename (if it doesn't start with a .) * puts the result in buffer */ -char *strip_extension(const char *filename, char *buffer) +char *strip_extension(char* buffer, int buffer_size, const char *filename) { - int dotpos; char *dot = strrchr(filename, '.'); + int len; + + if (buffer_size <= 0) + { + return NULL; + } + + buffer_size--; /* Make room for end nil */ + if (dot != 0 && filename[0] != '.') { - dotpos = dot - filename; - strncpy(buffer, filename, dotpos); - buffer[dotpos] = '\0'; + len = dot - filename; + len = MIN(len, buffer_size); + strncpy(buffer, filename, len); } else - strcpy(buffer, filename); + { + len = buffer_size; + strncpy(buffer, filename, buffer_size); + } + + buffer[len] = 0; + return buffer; } diff --git a/apps/misc.h b/apps/misc.h index 99eadc443a..289d952afb 100644 --- a/apps/misc.h +++ b/apps/misc.h @@ -122,6 +122,6 @@ bool dir_exists(const char *path); * removes the extension of filename (if it doesn't start with a .) * puts the result in buffer */ -char *strip_extension(const char *filename, char *buffer); +char *strip_extension(char* buffer, int buffer_size, const char *filename); #endif /* MISC_H */ diff --git a/apps/recorder/albumart.c b/apps/recorder/albumart.c index c4d3a0e0bd..9da5d824b5 100644 --- a/apps/recorder/albumart.c +++ b/apps/recorder/albumart.c @@ -124,7 +124,7 @@ bool search_albumart_files(const struct mp3entry *id3, const char *size_string, albumlen = id3->album ? strlen(id3->album) : 0; /* the first file we look for is one specific to the track playing */ - strip_extension(trackname, path); + strip_extension(path, sizeof(path) - strlen(size_string) - 4, trackname); strcat(path, size_string); strcat(path, ".bmp"); found = file_exists(path); diff --git a/apps/tree.c b/apps/tree.c index 5c4b752751..a0e5ef000a 100644 --- a/apps/tree.c +++ b/apps/tree.c @@ -163,7 +163,7 @@ static char * tree_get_filename(int selected_item, void * data, char *buffer) if(stripit) { - return(strip_extension(name, buffer)); + return(strip_extension(buffer, MAX_PATH, name)); } return(name); } |