claunia/libcdio-osx
Archived
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

fix incorrect behavior and potential buffer overrun in mmc_read_cd when i_blocks exceeds MAX_CD_READ_BLOCKS

Browse Source
This commit is contained in:
edsdead
2008-05-09 06:43:53 +00:00
parent b07d491fcd
commit 58b9aee8e5
1 changed files with 4 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/driver/mmc.c
View File

@@ -1,6 +1,6 @@
/* Common Multimedia Command (MMC) routines. /* Common Multimedia Command (MMC) routines.
$Id: mmc.c,v 1.38 2008/04/22 15:29:12 karl Exp $ $Id: mmc.c,v 1.39 2008/05/09 06:43:53 edsdead Exp $
Copyright (C) 2004, 2005, 2006, 2007, 2008 Rocky Bernstein <rocky@gnu.org> Copyright (C) 2004, 2005, 2006, 2007, 2008 Rocky Bernstein <rocky@gnu.org>
@@ -1304,10 +1304,7 @@ mmc_read_cd ( const CdIo_t *p_cdio, void *p_buf, lsn_t i_lsn,
i_read_type = read_sector_type << 2; i_read_type = read_sector_type << 2;
if (b_digital_audio_play) i_read_type |= 0x2; if (b_digital_audio_play) i_read_type |= 0x2;
CDIO_MMC_SET_READ_TYPE(cdb.field, i_read_type);
CDIO_MMC_SET_READ_TYPE (cdb.field, i_read_type);
CDIO_MMC_SET_READ_LENGTH24(cdb.field, i_blocks);
if (b_sync) cdb9 |= 128; if (b_sync) cdb9 |= 128;
if (b_user_data) cdb9 |= 16; if (b_user_data) cdb9 |= 16;
@@ -1328,6 +1325,7 @@ mmc_read_cd ( const CdIo_t *p_cdio, void *p_buf, lsn_t i_lsn,
void *p_buf2 = ((char *)p_buf ) + (j * i_blocksize); void *p_buf2 = ((char *)p_buf ) + (j * i_blocksize);
CDIO_MMC_SET_READ_LBA (cdb.field, (i_lsn+j)); CDIO_MMC_SET_READ_LBA (cdb.field, (i_lsn+j));
CDIO_MMC_SET_READ_LENGTH24(cdb.field, i_blocks2);
i_ret = run_mmc_cmd (p_cdio->env, CD_READ_TIMEOUT_MS, i_ret = run_mmc_cmd (p_cdio->env, CD_READ_TIMEOUT_MS,
i_cdb, &cdb, i_cdb, &cdb,