summaryrefslogtreecommitdiffstats
path: root/src/file_bld.c
diff options
context:
space:
mode:
authorChristophe Grenier <grenier@cgsecurity.org>2008-06-10 12:54:11 +0200
committerChristophe Grenier <grenier@cgsecurity.org>2008-06-10 12:54:11 +0200
commit721e07c84ddd8dee684525b80e9ac7764eb9f137 (patch)
tree83f694c14e3359bfdfefb9a3f428e01271b3fa06 /src/file_bld.c
parentbe35fb3259e89a5ad1831f2a746932d2a0d23662 (diff)
PhotoRec: fix out of bound read access
Diffstat (limited to 'src/file_bld.c')
-rw-r--r--src/file_bld.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/file_bld.c b/src/file_bld.c
index fdf42b8..ce3b8a8 100644
--- a/src/file_bld.c
+++ b/src/file_bld.c
@@ -2,7 +2,7 @@
File: file_bld.c
- Copyright (C) 2006-2007 Christophe GRENIER <grenier@cgsecurity.org>
+ Copyright (C) 2006-2008 Christophe GRENIER <grenier@cgsecurity.org>
This software is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -85,7 +85,8 @@ static int header_check_blend(const unsigned char *buffer, const unsigned int bu
static int data_check_blend4le(const unsigned char *buffer, const unsigned int buffer_size, file_recovery_t *file_recovery)
{
- while(file_recovery->calculated_file_size + 0x14 < file_recovery->file_size + buffer_size/2)
+ while(file_recovery->calculated_file_size + buffer_size/2 >= file_recovery->file_size &&
+ file_recovery->calculated_file_size + 0x14 < file_recovery->file_size + buffer_size/2)
{
unsigned int len;
unsigned int i=file_recovery->calculated_file_size - file_recovery->file_size + buffer_size/2;