summaryrefslogtreecommitdiffstats
path: root/apps/tree.h
diff options
context:
space:
mode:
authorWilliam Wilgus <me.theuser@yahoo.com>2018-12-13 10:39:49 -0600
committerWilliam Wilgus <me.theuser@yahoo.com>2018-12-14 01:28:17 -0600
commit3f110daf3032187c052a6e3c1b05d01d1a4582d0 (patch)
treed2fcb43e9010dd7f5b414b68d23448dfcccd8513 /apps/tree.h
parentce0b31d87db3c4c1c1bfb535c50770d33e9c4aaf (diff)
downloadrockbox-3f110daf3032187c052a6e3c1b05d01d1a4582d0.tar.gz
rockbox-3f110daf3032187c052a6e3c1b05d01d1a4582d0.tar.bz2
rockbox-3f110daf3032187c052a6e3c1b05d01d1a4582d0.zip
Fix tree.c->tree_get_entry_at() buffer overflow
I observed a crash on buflib>move_block after dumping ram I noticed that the buffer for filetypes was being corrupted tree_get_entry_at returns a entry from the buflib 'tree entry' buffer filetree.c->ft_load writes data to this buffer before checking if it has reached the last entry resulting in buffer overflow that overwrites the next entry in the buffer ['filetypes'] Patch checks that the index passed to tree_get_entry_at() is in range otherwise it returns NULL Added checks + panic in other functions using tree_get_entry_at() Fixed tree_lock_cache() calls in playlist and filetree Change-Id: Ibf9e65652b4e00445e8e509629aebbcddffcfd4d
Diffstat (limited to 'apps/tree.h')
-rw-r--r--apps/tree.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/apps/tree.h b/apps/tree.h
index 77dc5da1b4..c70ae8dac1 100644
--- a/apps/tree.h
+++ b/apps/tree.h
@@ -105,7 +105,9 @@ struct tree_context {
/*
* Call one of the two below after yields since the entrys may move inbetween */
struct entry* tree_get_entries(struct tree_context *t);
+/* returns NULL on invalid index */
struct entry* tree_get_entry_at(struct tree_context *t, int index);
+
void tree_mem_init(void) INIT_ATTR;
void tree_gui_init(void) INIT_ATTR;
char* get_current_file(char* buffer, size_t buffer_len);