Prevent possible buffer overflow when locating album art.

git-svn-id: svn://svn.rockbox.org/rockbox/trunk@16231 a1c6a512-1295-4272-9138-f99709370657
2025-12-09 13:15:18 -05:00 · 2008-02-06 19:51:19 +00:00 · 2008-02-06 19:51:19 +00:00 · 2235081dbc
commit 2235081dbc
parent 8a7e626ec2
4 changed files with 23 additions and 9 deletions
--- a/apps/misc.c
+++ b/apps/misc.c
@ -1125,17 +1125,31 @@ bool dir_exists(const char *path)
 * removes the extension of filename (if it doesn't start with a .)
 * puts the result in buffer
 */
-char *strip_extension(const char *filename, char *buffer)
+char *strip_extension(char* buffer, int buffer_size, const char *filename)
 {
-    int dotpos;
    char *dot = strrchr(filename, '.');
+    int len;
+    
+    if (buffer_size <= 0)
+    {
+        return NULL;
+    }
+
+    buffer_size--;  /* Make room for end nil */
+
    if (dot != 0 && filename[0] != '.')
    {
-        dotpos = dot - filename;
-        strncpy(buffer, filename, dotpos);
-        buffer[dotpos] = '\0';
+        len = dot - filename;
+        len = MIN(len, buffer_size);
+        strncpy(buffer, filename, len);
    }
    else
-        strcpy(buffer, filename);
+    {
+        len = buffer_size;
+        strncpy(buffer, filename, buffer_size);
+    }
+
+    buffer[len] = 0;
+
    return buffer;
 }
--- a/apps/misc.h
+++ b/apps/misc.h
@ -122,6 +122,6 @@ bool dir_exists(const char *path);
 * removes the extension of filename (if it doesn't start with a .)
 * puts the result in buffer
 */
-char *strip_extension(const char *filename, char *buffer);
+char *strip_extension(char* buffer, int buffer_size, const char *filename);

 #endif /* MISC_H */
--- a/apps/recorder/albumart.c
+++ b/apps/recorder/albumart.c
@ -124,7 +124,7 @@ bool search_albumart_files(const struct mp3entry *id3, const char *size_string,
    albumlen = id3->album ? strlen(id3->album) : 0;

    /* the first file we look for is one specific to the track playing */
-    strip_extension(trackname, path);
+    strip_extension(path, sizeof(path) - strlen(size_string) - 4, trackname);
    strcat(path, size_string);
    strcat(path, ".bmp");
    found = file_exists(path);
--- a/apps/tree.c
+++ b/apps/tree.c
@ -163,7 +163,7 @@ static char * tree_get_filename(int selected_item, void * data, char *buffer)

    if(stripit)
    {
-        return(strip_extension(name, buffer));
+        return(strip_extension(buffer, MAX_PATH, name));
    }
    return(name);
 }