forked from len0rd/rockbox

pictureflow: fix bug in calculation of album art buf size

I intended to check for enough space in buffer but this isn't
really doing it and it is making aa_bufsz slightly too big so
it's a possible buffer overflow.

Restore the old ALIGN_DOWN(..., 4) rounding in case it's important,
if not, then no harm done.

Change-Id: I904f255ac79a77d5328b44667502ceae8308e659
Aidan MacDonald 2022-05-07 15:52:26 +01:00
parent 2c4480979f
commit f661dc596e

@ -4303,7 +4303,7 @@ static int pictureflow_main(const char* selected_file)
number_of_slides = pf_idx.album_ct;
size_t aa_bufsz = pf_idx.buf_sz / 4 + sizeof(long) - 1;
size_t aa_bufsz = ALIGN_DOWN(pf_idx.buf_sz / 4, sizeof(long));
if (aa_bufsz < DISPLAY_WIDTH * DISPLAY_HEIGHT * sizeof(pix_t))
{
error_wait("Not enough memory for album art cache");
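Review bot: The rounding unit on the `ALIGN_DOWN(pf_idx.buf_sz / 4, sizeof(long))` line does not match the commit message, which describes the old rounding as `ALIGN_DOWN(..., 4)`; `sizeof(long)` is not 4 on every target. A one-line comment above the assignment stating what alignment the album art cache actually requires would settle the "in case it's important" question for the next reader. Rounding down is the right direction: the `+ sizeof(long) - 1` form could push aa_bufsz past a quarter of the buffer, while the rounded-down value cannot exceed `pf_idx.buf_sz / 4`.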
@ -4313,6 +4313,7 @@ static int pictureflow_main(const char* selected_file)
ALIGN_BUFFER(pf_idx.buf, pf_idx.buf_sz, sizeof(long));
aa_cache.buf = (char*) pf_idx.buf;
aa_cache.buf_sz = aa_bufsz;
pf_idx.buf += aa_bufsz;
pf_idx.buf_sz -= aa_bufsz;
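Review bot: `pf_idx.buf_sz -= aa_bufsz;` subtracts a size that the previous hunk derived from pf_idx.buf_sz before the `ALIGN_BUFFER(pf_idx.buf, pf_idx.buf_sz, sizeof(long))` call at the top of this hunk, which is handed the same size field. Computing aa_bufsz after ALIGN_BUFFER, or checking `aa_bufsz <= pf_idx.buf_sz` immediately before the subtraction, would make the carve-out visibly bounded by the space that is actually left instead of relying on the quarter-size margin. The lines between the two hunks are not shown here, so confirm that nothing there changes pf_idx.buf_sz either.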