diff options
author | Aidan MacDonald <amachronic@protonmail.com> | 2022-05-07 15:52:26 +0100 |
---|---|---|
committer | Aidan MacDonald <amachronic@protonmail.com> | 2022-05-07 15:52:26 +0100 |
commit | f661dc596e4c1b7d2d6479afbf4cb4690d6d3a7b (patch) | |
tree | 19879cd83828e1831a444bb6fd0742642ef21e1b | |
parent | 2c4480979f1b0374414b4e49957f1772bd103b79 (diff) | |
download | rockbox-f661dc596e.tar.gz rockbox-f661dc596e.zip |
pictureflow: fix bug in calculation of album art buf size
I intended to check for enough space in buffer but this isn't
really doing it and it is making aa_bufsz slightly too big so
it's a possible buffer overflow.
Restore the old ALIGN_DOWN(..., 4) rounding in case it's important,
if not, then no harm done.
Change-Id: I904f255ac79a77d5328b44667502ceae8308e659
-rw-r--r-- | apps/plugins/pictureflow/pictureflow.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/apps/plugins/pictureflow/pictureflow.c b/apps/plugins/pictureflow/pictureflow.c index 83d4bb5a59..b2d170329e 100644 --- a/apps/plugins/pictureflow/pictureflow.c +++ b/apps/plugins/pictureflow/pictureflow.c @@ -4303,7 +4303,7 @@ static int pictureflow_main(const char* selected_file) number_of_slides = pf_idx.album_ct; - size_t aa_bufsz = pf_idx.buf_sz / 4 + sizeof(long) - 1; + size_t aa_bufsz = ALIGN_DOWN(pf_idx.buf_sz / 4, sizeof(long)); if (aa_bufsz < DISPLAY_WIDTH * DISPLAY_HEIGHT * sizeof(pix_t)) { error_wait("Not enough memory for album art cache"); @@ -4313,6 +4313,7 @@ static int pictureflow_main(const char* selected_file) ALIGN_BUFFER(pf_idx.buf, pf_idx.buf_sz, sizeof(long)); aa_cache.buf = (char*) pf_idx.buf; aa_cache.buf_sz = aa_bufsz; + pf_idx.buf += aa_bufsz; pf_idx.buf_sz -= aa_bufsz; |