From 3e3376a4b73e0475d6e1be9cf533ea4ae0674ee3 Mon Sep 17 00:00:00 2001
From: "Gabriel M. Beddingfield"
Date: Mon, 28 Nov 2011 17:17:00 -0600
Subject: tinycap, tinyplay: Check *argv before dereferencing.

In several places, argv is incremented and *argv is dereferenced without checking to see if it is valid to do so. This could lead to a buffer overrun if the user provides invalid parameters.

This patch generally changes this:

if (strcmp(*argv, "-r") == 0) { argv++; rate = atoi(*argv); } argv++;

To this:

if (strcmp(*argv, "-r") == 0) { argv++; if (*argv) rate = atoi(*argv); } if (*argv) argv++;

Signed-off-by: Gabriel M. Beddingfield
---
tinyplay.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'tinyplay.c')
diff --git a/tinyplay.c b/tinyplay.c
index 915a1ea..20b9ce3 100644
--- a/tinyplay.c
+++ b/tinyplay.c
@@ -79,9 +79,11 @@ int main(int argc, char **argv)
 while (*argv) {
 if (strcmp(*argv, "-d") == 0) {
 argv++;
- device = atoi(*argv);
+ if (*argv)
+ device = atoi(*argv);
 }
- argv++;
+ if (*argv)
+ argv++;
 }
 
 fread(&header, sizeof(struct wav_header), 1, file);
-- 
cgit v1.2.3
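Review bot: A trailing `-d` with no value is now silently ignored at `if (*argv) device = atoi(*argv);`, so the program carries on with whatever `device` was initialised to instead of reporting a usage error. Rejecting the missing value would make the mistake visible, e.g. `if (!*argv) { fprintf(stderr, "-d requires a device number\n"); return 1; }` ahead of the conversion. `atoi()` also cannot tell "0" from non-numeric text and has undefined behaviour when the value is out of range, so `strtol()` with an end-pointer and range check would be the safer conversion for this user-supplied number. main() starts and ends outside the hunk, and the `fread` on `file` that follows suggests the file is already open at this point, so an early return should close it first.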