cuesheet: Fix another possible buffer overflow with long filenames.

Change-Id: I9d8fa8fcb0a872f688664c53881fde93f2de9436
author: Thomas Martitz <kugel@rockbox.org> 2014-01-11 18:24:48 +0100
committer: Thomas Martitz <kugel@rockbox.org> 2014-01-11 18:24:48 +0100
commit: 2a471c9e84ddc4f6f407d4fe3ad2a21a1d0e3723 (patch)
tree: 63f3e353b1ce425b5348a63c671728449c58e652 /apps/cuesheet.c
parent: fe08ac4c2fc2c8c0177ddd6545e3c6a69d07b5db (diff)
download: rockbox-2a471c9e84ddc4f6f407d4fe3ad2a21a1d0e3723.tar.gz
rockbox-2a471c9e84ddc4f6f407d4fe3ad2a21a1d0e3723.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/apps/cuesheet.c b/apps/cuesheet.c
index 0ba71762a9..73dd19fdab 100644
--- a/apps/cuesheet.c
+++ b/apps/cuesheet.c
@@ -73,11 +73,13 @@ bool look_for_cuesheet_file(struct mp3entry *track_id3, struct cuesheet_file *cu
    if (!dot || !file_exists(cuepath))
    {
        strcpy(cuepath, CUE_DIR);
-        strlcat(cuepath, slash, MAX_PATH);
+        if (strlcat(cuepath, slash, MAX_PATH) >= MAX_PATH)
+            goto skip; /* overflow */   
        char *dot = strrchr(cuepath, '.');
        strcpy(dot, ".cue");
        if (!file_exists(cuepath))
        {
+skip:
            if ((len+4) >= MAX_PATH)
                return false;
            strlcpy(cuepath, track_id3->path, MAX_PATH);
author	Thomas Martitz <kugel@rockbox.org>	2014-01-11 18:24:48 +0100
committer	Thomas Martitz <kugel@rockbox.org>	2014-01-11 18:24:48 +0100
commit	2a471c9e84ddc4f6f407d4fe3ad2a21a1d0e3723 (patch)
tree	63f3e353b1ce425b5348a63c671728449c58e652 /apps/cuesheet.c
parent	fe08ac4c2fc2c8c0177ddd6545e3c6a69d07b5db (diff)
download	rockbox-2a471c9e84ddc4f6f407d4fe3ad2a21a1d0e3723.tar.gz rockbox-2a471c9e84ddc4f6f407d4fe3ad2a21a1d0e3723.zip