summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorThomas Martitz <kugel@rockbox.org>2014-01-11 18:24:48 +0100
committerThomas Martitz <kugel@rockbox.org>2014-01-11 18:24:48 +0100
commit2a471c9e84ddc4f6f407d4fe3ad2a21a1d0e3723 (patch)
tree63f3e353b1ce425b5348a63c671728449c58e652
parentfe08ac4c2fc2c8c0177ddd6545e3c6a69d07b5db (diff)
downloadrockbox-2a471c9.tar.gz
rockbox-2a471c9.tar.bz2
rockbox-2a471c9.zip
cuesheet: Fix another possible buffer overflow with long filenames.
Change-Id: I9d8fa8fcb0a872f688664c53881fde93f2de9436
-rw-r--r--apps/cuesheet.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/apps/cuesheet.c b/apps/cuesheet.c
index 0ba71762a9..73dd19fdab 100644
--- a/apps/cuesheet.c
+++ b/apps/cuesheet.c
@@ -73,11 +73,13 @@ bool look_for_cuesheet_file(struct mp3entry *track_id3, struct cuesheet_file *cu
if (!dot || !file_exists(cuepath))
{
strcpy(cuepath, CUE_DIR);
- strlcat(cuepath, slash, MAX_PATH);
+ if (strlcat(cuepath, slash, MAX_PATH) >= MAX_PATH)
+ goto skip; /* overflow */
char *dot = strrchr(cuepath, '.');
strcpy(dot, ".cue");
if (!file_exists(cuepath))
{
+skip:
if ((len+4) >= MAX_PATH)
return false;
strlcpy(cuepath, track_id3->path, MAX_PATH);