aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGabriel M. Beddingfield <gabrbedd@ti.com>2011-11-28 17:17:00 -0600
committerGabriel M. Beddingfield <gabrbedd@ti.com>2012-02-08 16:58:27 -0600
commit3e3376a4b73e0475d6e1be9cf533ea4ae0674ee3 (patch)
tree12ddcb10ef5f64c3381ad00e7f31b8036fc0a8b8
parent80085d470d189362ddb6dda9bba6ee05fe7c84c6 (diff)
tinycap, tinyplay: Check *argv before dereferencing.
In several places, argv is incremented and *argv is dereferenced without checking to see if it is valid to do so. This could lead to a buffer overrun if the user provides invalid parameters. This patch generally changes this: if (strcmp(*argv, "-r") == 0) { argv++; rate = atoi(*argv); } argv++; To this: if (strcmp(*argv, "-r") == 0) { argv++; if (*argv) rate = atoi(*argv); } if (*argv) argv++; Signed-off-by: Gabriel M. Beddingfield <gabrbedd@ti.com>
-rw-r--r--tinycap.c15
-rw-r--r--tinyplay.c6
2 files changed, 14 insertions, 7 deletions
diff --git a/tinycap.c b/tinycap.c
index 3eb5c60..586270b 100644
--- a/tinycap.c
+++ b/tinycap.c
@@ -93,18 +93,23 @@ int main(int argc, char **argv)
while (*argv) {
if (strcmp(*argv, "-d") == 0) {
argv++;
- device = atoi(*argv);
+ if (*argv)
+ device = atoi(*argv);
} else if (strcmp(*argv, "-c") == 0) {
argv++;
- channels = atoi(*argv);
+ if (*argv)
+ channels = atoi(*argv);
} else if (strcmp(*argv, "-r") == 0) {
argv++;
- rate = atoi(*argv);
+ if (*argv)
+ rate = atoi(*argv);
} else if (strcmp(*argv, "-b") == 0) {
argv++;
- bits = atoi(*argv);
+ if (*argv)
+ bits = atoi(*argv);
}
- argv++;
+ if (*argv)
+ argv++;
}
header.riff_id = ID_RIFF;
diff --git a/tinyplay.c b/tinyplay.c
index 915a1ea..20b9ce3 100644
--- a/tinyplay.c
+++ b/tinyplay.c
@@ -79,9 +79,11 @@ int main(int argc, char **argv)
while (*argv) {
if (strcmp(*argv, "-d") == 0) {
argv++;
- device = atoi(*argv);
+ if (*argv)
+ device = atoi(*argv);
}
- argv++;
+ if (*argv)
+ argv++;
}
fread(&header, sizeof(struct wav_header), 1, file);