From a0b9021d54dc9890da5f0c9bd26361db4556f6c2 Mon Sep 17 00:00:00 2001
From: Darren Salt <linux@youmustbejoking.demon.co.uk>
Date: Tue, 10 Feb 2009 17:17:50 +0000
Subject: Fix broken size checks in various input plugins (ref. CVE-2008-5239).

---
 src/input/input_gnome_vfs.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/input/input_gnome_vfs.c')

diff --git a/src/input/input_gnome_vfs.c b/src/input/input_gnome_vfs.c
index ec025f7b5..a3dfafdd5 100644
--- a/src/input/input_gnome_vfs.c
+++ b/src/input/input_gnome_vfs.c
@@ -121,7 +121,9 @@ gnomevfs_plugin_read_block (input_plugin_t *this_gen, fifo_buffer_t *fifo,
 	off_t total_bytes;
 	buf_element_t *buf = fifo->buffer_pool_alloc (fifo);
 
-	if (todo < 0 || todo > buf->size) {
+	if (todo > buf->max_size)
+	  todo = buf->max_size;
+	if (todo < 0) {
 		buf->free_buffer (buf);
 		return NULL;
 	}
-- 
cgit v1.2.3