diff options
author | Christophe Grenier <grenier@cgsecurity.org> | 2014-07-26 22:50:16 +0200 |
---|---|---|
committer | Christophe Grenier <grenier@cgsecurity.org> | 2014-07-26 22:50:16 +0200 |
commit | 20942518d5b53680ce461c46a7edb3b2ecbdc38f (patch) | |
tree | d78d5160270d1c06c46cb1f7249e7e992f9d0c3d /src/fat_dir.c | |
parent | 132fba09962b72a9a86739b968faaa53f140150d (diff) |
Fix potential integer overflow
Diffstat (limited to 'src/fat_dir.c')
-rw-r--r-- | src/fat_dir.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/fat_dir.c b/src/fat_dir.c index faa739e..99842d2 100644 --- a/src/fat_dir.c +++ b/src/fat_dir.c @@ -340,6 +340,10 @@ static int fat_dir(disk_t *disk_car, const partition_t *partition, dir_data_t *d } cluster=le32(fat_header->root_cluster); } + if(get_next_cluster(disk_car, partition, partition->upart_type, le16(fat_header->reserved), cluster)==0) + { + return 0; + } { const unsigned int cluster_size=fat_header->sectors_per_cluster * fat_sector_size(fat_header); unsigned char *buffer_dir=(unsigned char *)MALLOC(cluster_size*NBR_CLUSTER_MAX); @@ -357,7 +361,7 @@ static int fat_dir(disk_t *disk_car, const partition_t *partition, dir_data_t *d nbr_cluster=0; while(!is_EOC(cluster, partition->upart_type) && cluster>=2 && nbr_cluster<NBR_CLUSTER_MAX && stop==0) { - uint64_t start=partition->part_offset+(uint64_t)(start_data+(cluster-2)*fat_header->sectors_per_cluster)*fat_sector_size(fat_header); + const uint64_t start=partition->part_offset+(uint64_t)(start_data+(cluster-2)*fat_header->sectors_per_cluster)*fat_sector_size(fat_header); // if(dir_data->verbose>0) { log_info("FAT: cluster=%u(0x%x), pos=%lu\n",cluster,cluster,(long unsigned)(start/fat_sector_size(fat_header))); |