From 6147eb07bf00770bd5bb09ae905342f0117ff502 Mon Sep 17 00:00:00 2001
From: Christophe Fergeau
Date: Sun, 1 Nov 2009 22:09:43 +0100
Subject: make sure 'length' is >=0 in afc_file_read

trying to read a negative amount of data doesn't make much sense, and the
returned 'bytes' value will overflow if we try to do that. Just treat
negative length values as an invalid argument. An alternative way of
handling it would be to silently return OK/0 bytes read.
---
 src/AFC.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/AFC.c b/src/AFC.c
index c97141c..a2edae7 100644
--- a/src/AFC.c
+++ b/src/AFC.c
@@ -742,7 +742,7 @@ afc_file_read(afc_client_t client, uint64_t handle, char *data, int length, uint
 	const int MAXIMUM_READ_SIZE = 1 << 16;
 	afc_error_t ret = AFC_E_SUCCESS;
 
-	if (!client || !client->afc_packet || !client->connection || handle == 0)
+	if (!client || !client->afc_packet || !client->connection || handle == 0 || (length < 0))
 		return AFC_E_INVALID_ARGUMENT;
 	log_debug_msg("%s: called for length %i\n", __func__, length);
 
-- 
cgit v1.1-32-gdbae