Fix possible buffer overflow

git-svn-id: svn://svn.rockbox.org/rockbox/trunk@25886 a1c6a512-1295-4272-9138-f99709370657
author: Frank Gevaerts <frank@gevaerts.be> 2010-05-07 19:36:51 +0000
committer: Frank Gevaerts <frank@gevaerts.be> 2010-05-07 19:36:51 +0000
commit: e4f1bfe1c46e3421961952738294902dddbbe426 (patch)
tree: 26705ff0b3e2eb68dbd17a849ca88a8f5fa4d2f1 /apps/plugins/imageviewer/imageviewer.c
parent: 1c9cc6846cd9988fc2daea3c87ff15ecfe4df3d9 (diff)
download: rockbox-e4f1bfe1c46e3421961952738294902dddbbe426.tar.gz
rockbox-e4f1bfe1c46e3421961952738294902dddbbe426.zip
1 files changed, 4 insertions, 4 deletions
diff --git a/apps/plugins/imageviewer/imageviewer.c b/apps/plugins/imageviewer/imageviewer.c
index d258cf3433..ed41719cca 100644
--- a/apps/plugins/imageviewer/imageviewer.c
+++ b/apps/plugins/imageviewer/imageviewer.c
@@ -128,7 +128,7 @@ static void get_pic_list(void)
     pname = rb->strrchr(np_file,'/');
     pname++;
 
-    for (i = 0; i < tree->filesindir; i++)
+    for (i = 0; i < tree->filesindir && buf_size > sizeof(char**); i++)
     {
         if (!(dircache[i].attr & ATTR_DIRECTORY)
             && img_ext(rb->strrchr(dircache[i].name,'.')))
@@ -138,11 +138,11 @@ static void get_pic_list(void)
             if (!rb->strcmp(file_pt[entries], pname))
                 curfile = entries;
             entries++;
+
+            buf += (sizeof(char**));
+            buf_size -= (sizeof(char**));
         }
     }
-
-    buf += (entries * sizeof(char**));
-    buf_size -= (entries * sizeof(char**));
 }
 
 static int change_filename(int direct)
author	Frank Gevaerts <frank@gevaerts.be>	2010-05-07 19:36:51 +0000
committer	Frank Gevaerts <frank@gevaerts.be>	2010-05-07 19:36:51 +0000
commit	e4f1bfe1c46e3421961952738294902dddbbe426 (patch)
tree	26705ff0b3e2eb68dbd17a849ca88a8f5fa4d2f1 /apps/plugins/imageviewer/imageviewer.c
parent	1c9cc6846cd9988fc2daea3c87ff15ecfe4df3d9 (diff)
download	rockbox-e4f1bfe1c46e3421961952738294902dddbbe426.tar.gz rockbox-e4f1bfe1c46e3421961952738294902dddbbe426.zip