diff options
| author |  Christophe Fergeau | 2009-11-01 22:09:43 +0100 |
|---|---|---|
| committer |  Matt Colyer | 2009-11-05 20:45:40 -0800 |
| commit | 6147eb07bf00770bd5bb09ae905342f0117ff502 (patch) | |
| tree | f29b4a93f51448c94f004b95cc361c9f0e1f76fa /src/AFC.c | |
| parent | 8e489a46965bbc3683cec7698ccaf71bb5855d2a (diff) | |
| download | libimobiledevice-6147eb07bf00770bd5bb09ae905342f0117ff502.tar.gz libimobiledevice-6147eb07bf00770bd5bb09ae905342f0117ff502.tar.bz2 | |
make sure 'length' is >=0 in afc_file_read
trying to read a negative amount of data doesn't make much sense, and the
returned 'bytes' value will overflow if we try to do that. Just treat
negative length values as an invalid argument. An alternative way of
handling it would be to silently return OK/0 bytes read.
Diffstat (limited to 'src/AFC.c')
| -rw-r--r-- | src/AFC.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -742,7 +742,7 @@ afc_file_read(afc_client_t client, uint64_t handle, char *data, int length, uint const int MAXIMUM_READ_SIZE = 1 << 16; afc_error_t ret = AFC_E_SUCCESS; - if (!client || !client->afc_packet || !client->connection || handle == 0) + if (!client || !client->afc_packet || !client->connection || handle == 0 || (length < 0)) return AFC_E_INVALID_ARGUMENT; log_debug_msg("%s: called for length %i\n", __func__, length); |