summaryrefslogtreecommitdiffstats
path: root/src/file_ogg.c
diff options
context:
space:
mode:
authorChristophe Grenier <grenier@cgsecurity.org>2008-06-10 12:54:11 +0200
committerChristophe Grenier <grenier@cgsecurity.org>2008-06-10 12:54:11 +0200
commit721e07c84ddd8dee684525b80e9ac7764eb9f137 (patch)
tree83f694c14e3359bfdfefb9a3f428e01271b3fa06 /src/file_ogg.c
parentbe35fb3259e89a5ad1831f2a746932d2a0d23662 (diff)
PhotoRec: fix out of bound read access
Diffstat (limited to 'src/file_ogg.c')
-rw-r--r--src/file_ogg.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/file_ogg.c b/src/file_ogg.c
index 675603b..40e62d0 100644
--- a/src/file_ogg.c
+++ b/src/file_ogg.c
@@ -2,7 +2,7 @@
File: file_ogg.c
- Copyright (C) 1998-2005,2007 Christophe GRENIER <grenier@cgsecurity.org>
+ Copyright (C) 1998-2005,2007-2008 Christophe GRENIER <grenier@cgsecurity.org>
This software is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -71,7 +71,8 @@ static int header_check_ogg(const unsigned char *buffer, const unsigned int buff
/* http://www.ietf.org/rfc/rfc3533.txt */
static int data_check_ogg(const unsigned char *buffer, const unsigned int buffer_size, file_recovery_t *file_recovery)
{
- while(file_recovery->calculated_file_size + 27 + 255 < file_recovery->file_size + buffer_size/2)
+ while(file_recovery->calculated_file_size + buffer_size/2 >= file_recovery->file_size &&
+ file_recovery->calculated_file_size + 27 +255 < file_recovery->file_size + buffer_size/2)
{
unsigned int i=file_recovery->calculated_file_size - file_recovery->file_size + buffer_size/2;
if(memcmp(&buffer[i],ogg_header,sizeof(ogg_header))==0)