Commit 9d612366 authored by Petri Hintukainen's avatar Petri Hintukainen

Fix possible memory corruption in _read_file_entry() and _read_dir_file()

This can happen when ICB location is valid, ICB size is 0, and
malloc(0) returns valid pointer.
parent 4205e77d
......@@ -773,6 +773,9 @@ static struct file_entry *_read_file_entry(udfread *udf,
int tag_id;
udf_trace("file entry size %u bytes\n", icb->length);
if (num_blocks < 1) {
return NULL;
}
buf = malloc(num_blocks * UDF_BLOCK_SIZE);
if (!buf) {
......@@ -851,6 +854,10 @@ static struct udf_dir *_read_dir_file(udfread *udf, const struct long_ad *loc)
uint8_t *data;
struct udf_dir *dir = NULL;
if (num_blocks < 1) {
return NULL;
}
data = malloc(num_blocks * UDF_BLOCK_SIZE);
if (!data) {
udf_error("out of memory\n");
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment