From 577280a1796e5cf90d5eb05d2232690ab83f0bd8 Mon Sep 17 00:00:00 2001
From: Jochen Dolze <vdr@dolze.de>
Date: Sun, 27 Sep 2009 22:26:49 +0200
Subject: Check buffer length for zero size

---
 recv.cpp   | 4 ++--
 ts2pkt.cpp | 8 ++++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/recv.cpp b/recv.cpp
index 43a0e5e..f9562bf 100644
--- a/recv.cpp
+++ b/recv.cpp
@@ -264,8 +264,8 @@ void cMarkAdReceiver::AddMark(MarkAdMark *mark, int Priority)
         prevmark->comment=strcatrealloc(prevmark->comment," ");
         prevmark->comment=strcatrealloc(prevmark->comment,mark->Comment);
 
-        marks.Del(newmark,true);
         dsyslog("markad [%i]: delete mark %i",recvnumber,newmark->position);
+        marks.Del(newmark,true);
     }
     else
     {
@@ -273,8 +273,8 @@ void cMarkAdReceiver::AddMark(MarkAdMark *mark, int Priority)
         mark->Comment=strcatrealloc(mark->Comment," ");
         mark->Comment=strcatrealloc(mark->Comment,prevmark->comment);
 
-        marks.Del(prevmark,true);
         dsyslog("markad [%i]: delete previous mark %i",recvnumber,prevmark->position);
+        marks.Del(prevmark,true);
     }
     marks.Save();
 }
diff --git a/ts2pkt.cpp b/ts2pkt.cpp
index 7d66c08..2aca980 100644
--- a/ts2pkt.cpp
+++ b/ts2pkt.cpp
@@ -235,7 +235,7 @@ int cMarkAdTS2Pkt::Process(MarkAdPid Pid, uchar *TSData, int TSSize, uchar **Pkt
                 Reset(MA_ERR_TOBIG);
                 return TS_SIZE;
             }
-            if (buflen<0)
+            if (buflen<=0)
             {
                 // error in size
                 Reset(MA_ERR_NEG);
@@ -307,7 +307,11 @@ int cMarkAdTS2Pkt::Process(MarkAdPid Pid, uchar *TSData, int TSSize, uchar **Pkt
     pktdatalast=pktdata;
 
     int bufleftsize=pktsize-(pktinfo.pkthdr+size);
-
+    if (bufleftsize<=0)
+    {
+        Reset(MA_ERR_NEG);
+        return bytes_processed;
+    }
     uchar *bufleft=(uchar *) malloc(bufleftsize);
     if (!bufleft)
     {
-- 
cgit v1.2.3