make sure 'length' is >=0 in afc_file_read

trying to read a negative amount of data doesn't make much sense, and the returned 'bytes' value will overflow if we try to do that. Just treat negative length values as an invalid argument. An alternative way of handling it would be to silently return OK/0 bytes read.
author: Christophe Fergeau 2009-11-01 22:09:43 +0100
committer: Matt Colyer 2009-11-05 20:45:40 -0800
commit: 6147eb07bf00770bd5bb09ae905342f0117ff502 (patch)
tree: f29b4a93f51448c94f004b95cc361c9f0e1f76fa /src
parent: 8e489a46965bbc3683cec7698ccaf71bb5855d2a (diff)
download: libimobiledevice-6147eb07bf00770bd5bb09ae905342f0117ff502.tar.gz
libimobiledevice-6147eb07bf00770bd5bb09ae905342f0117ff502.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/AFC.c b/src/AFC.c
index c97141c..a2edae7 100644
--- a/src/AFC.c
+++ b/src/AFC.c
@@ -742,7 +742,7 @@ afc_file_read(afc_client_t client, uint64_t handle, char *data, int length, uint
        const int MAXIMUM_READ_SIZE = 1 << 16;
        afc_error_t ret = AFC_E_SUCCESS;
-        if (!client || !client->afc_packet || !client->connection || handle == 0)
+        if (!client || !client->afc_packet || !client->connection || handle == 0 || (length < 0))
                return AFC_E_INVALID_ARGUMENT;
        log_debug_msg("%s: called for length %i\n", __func__, length);
author	Christophe Fergeau	2009-11-01 22:09:43 +0100
committer	Matt Colyer	2009-11-05 20:45:40 -0800
commit	6147eb07bf00770bd5bb09ae905342f0117ff502 (patch)
tree	f29b4a93f51448c94f004b95cc361c9f0e1f76fa /src
parent	8e489a46965bbc3683cec7698ccaf71bb5855d2a (diff)
download	libimobiledevice-6147eb07bf00770bd5bb09ae905342f0117ff502.tar.gz libimobiledevice-6147eb07bf00770bd5bb09ae905342f0117ff502.tar.bz2

diff --git a/src/AFC.c b/src/AFC.c index c97141c..a2edae7 100644 --- a/src/AFC.c +++ b/src/AFC.c
@@ -742,7 +742,7 @@ afc_file_read(afc_client_t client, uint64_t handle, char *data, int length, uint
742	const int MAXIMUM_READ_SIZE = 1 << 16;	742	const int MAXIMUM_READ_SIZE = 1 << 16;
743	afc_error_t ret = AFC_E_SUCCESS;	743	afc_error_t ret = AFC_E_SUCCESS;
744		744
745	if (!client \|\| !client->afc_packet \|\| !client->connection \|\| handle == 0)	745	if (!client \|\| !client->afc_packet \|\| !client->connection \|\| handle == 0 \|\| (length < 0))
746	return AFC_E_INVALID_ARGUMENT;	746	return AFC_E_INVALID_ARGUMENT;
747	log_debug_msg("%s: called for length %i\n", __func__, length);	747	log_debug_msg("%s: called for length %i\n", __func__, length);
748		748