Commit 9a9ffab3 authored by conrad's avatar conrad

check length of generated data stream in io-read-single, to avoid

exposing libogg to uninitialized packet data


git-svn-id: http://svn.annodex.net/liboggz/trunk@526 8158c8cd-e7e1-0310-9fa4-c5954c97daef
parent 92f7dd7d
......@@ -43,6 +43,7 @@
#define DATA_BUF_LEN 1024
static long serialno;
static long bytes_generated = 0;
static int read_called = 0;
static int eof_reached = 0;
......@@ -135,7 +136,7 @@ my_io_read (void * user_handle, void * buf, size_t n)
/* Mark that the read IO method was actually used */
read_called++;
len = MIN (n, DATA_BUF_LEN - offset);
len = MIN (n, bytes_generated - offset);
memcpy (buf, &data_buf[offset], len);
......@@ -177,6 +178,8 @@ main (int argc, char * argv[])
if (n >= DATA_BUF_LEN)
FAIL("Too much data generated by writer");
bytes_generated = n;
do {
ret = oggz_read (reader, 4);
} while (ret > 0 || ret == OGGZ_ERR_READ_STOP_OK);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment