Bug 6913 - fix for possible buffer overflow

author Tilghman Lesher <tilghman@meg.abyt.es>

Fri, 7 Apr 2006 22:07:38 +0000 (22:07 +0000)

committer Tilghman Lesher <tilghman@meg.abyt.es>

Fri, 7 Apr 2006 22:07:38 +0000 (22:07 +0000)
author Tilghman Lesher <tilghman@meg.abyt.es>
Fri, 7 Apr 2006 22:07:38 +0000 (22:07 +0000)
committer Tilghman Lesher <tilghman@meg.abyt.es>
Fri, 7 Apr 2006 22:07:38 +0000 (22:07 +0000)
diff --git a/formats/format_jpeg.c b/formats/format_jpeg.c

index d71aeec8019b16be6e92da72c4aab9ac675f9381..96fed0deabd72fe0d5d669676a0b8eaedd3af2a7 100644 (file)
--- a/formats/format_jpeg.c
+++ b/formats/format_jpeg.c
@@ -55,7 +55,7 @@ static struct ast_frame *jpeg_read_image(int fd, int len)
         struct ast_frame fr;
         int res;
         char buf[65536];
-       if (len > sizeof(buf)) {
+       if (len > sizeof(buf) || len < 0) {
                 ast_log(LOG_WARNING, "JPEG image too large to read\n");
                 return NULL;
         }
author	Tilghman Lesher <tilghman@meg.abyt.es>
	Fri, 7 Apr 2006 22:07:38 +0000 (22:07 +0000)
committer	Tilghman Lesher <tilghman@meg.abyt.es>
	Fri, 7 Apr 2006 22:07:38 +0000 (22:07 +0000)