From 6147eb07bf00770bd5bb09ae905342f0117ff502 Mon Sep 17 00:00:00 2001 From: Christophe Fergeau Date: Sun, 1 Nov 2009 22:09:43 +0100 Subject: make sure 'length' is >=0 in afc_file_read trying to read a negative amount of data doesn't make much sense, and the returned 'bytes' value will overflow if we try to do that. Just treat negative length values as an invalid argument. An alternative way of handling it would be to silently return OK/0 bytes read. --- src/AFC.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/AFC.c b/src/AFC.c index c97141c..a2edae7 100644 --- a/src/AFC.c +++ b/src/AFC.c @@ -742,7 +742,7 @@ afc_file_read(afc_client_t client, uint64_t handle, char *data, int length, uint const int MAXIMUM_READ_SIZE = 1 << 16; afc_error_t ret = AFC_E_SUCCESS; - if (!client || !client->afc_packet || !client->connection || handle == 0) + if (!client || !client->afc_packet || !client->connection || handle == 0 || (length < 0)) return AFC_E_INVALID_ARGUMENT; log_debug_msg("%s: called for length %i\n", __func__, length); -- cgit v1.1-32-gdbae