diff options
| author | Ben Chan <benchan@chromium.org> | 2017-02-03 10:31:37 -0800 |
|---|---|---|
| committer | Dan Williams <dcbw@redhat.com> | 2017-02-06 13:04:39 -0600 |
| commit | fad2ca074e44cf9dd340e9609ff30c047a5ecc0b (patch) | |
| tree | 989cdfb5ee2c641659ea23f77e9b7c779b65f4b9 | |
| parent | f52608c93adcfb7732fbf4caab1aa0b80a83fe30 (diff) | |
| download | external_libqmi-fad2ca074e44cf9dd340e9609ff30c047a5ecc0b.zip external_libqmi-fad2ca074e44cf9dd340e9609ff30c047a5ecc0b.tar.gz external_libqmi-fad2ca074e44cf9dd340e9609ff30c047a5ecc0b.tar.bz2 | |
utils,swi-update: fix image length check in download_image()
This patch fixes the image length check in download_image(). The check
'if (filelen < 0)' in download_image() is always false as 'filelen' is a
size_t and thus unsigned value. The check is effectively bypassed.
| -rw-r--r-- | utils/swi-update.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/utils/swi-update.c b/utils/swi-update.c index 86dc546..d046d88 100644 --- a/utils/swi-update.c +++ b/utils/swi-update.c @@ -802,8 +802,7 @@ static int download_image(int serfd, char *buf, const char *image) goto out; } fstat(imgfd, &img_data); - filelen = imglen(type, img_data.st_size) - hdrlen(type); - if (filelen < 0) { + if (imglen(type, img_data.st_size) < hdrlen(type)) { fprintf(stderr, "%s is too short\n", image); ret = -1; goto out; @@ -828,6 +827,7 @@ static int download_image(int serfd, char *buf, const char *image) if (read_and_parse(serfd, false) < 0) goto out; + filelen = imglen(type, img_data.st_size) - hdrlen(type); /* remaining data to send */ while (filelen > 0) { fd_set wr; |