fecdec: Return an error on zero size slices.

diff --git a/error.h b/error.h
index 7de3f436510fa42833933aac0e333a3f56b3d0f9..94a412020119947db3fa3ec77aae293438ec4208 100644 (file)
--- a/error.h
+++ b/error.h
@@ -49,7 +49,7 @@ extern const char **para_errlist[];
 
 #define FECDEC_FILTER_ERRORS \
        PARA_ERROR(BAD_FEC_HEADER, "invalid fec header"), \
 
 #define FECDEC_FILTER_ERRORS \
        PARA_ERROR(BAD_FEC_HEADER, "invalid fec header"), \

-       PARA_ERROR(BAD_SLICE_SIZE, "slice size too large"), \
+       PARA_ERROR(BAD_SLICE_SIZE, "slice size zero or too large"), \

        PARA_ERROR(BAD_SLICE_NUM, "invalid slice number"), \
        PARA_ERROR(FECDEC_OVERRUN, "fecdec output buffer overrun"), \
        PARA_ERROR(FECDEC_EOF, "received eof packet"), \
        PARA_ERROR(BAD_SLICE_NUM, "invalid slice number"), \
        PARA_ERROR(FECDEC_OVERRUN, "fecdec output buffer overrun"), \
        PARA_ERROR(FECDEC_EOF, "received eof packet"), \

diff --git a/fecdec_filter.c b/fecdec_filter.c
index 794add49ec42d07c04ea826e36f8f77b80a9dad6..a7d1875c271e8f8889d20eeff62a119ce11380d5 100644 (file)
--- a/fecdec_filter.c
+++ b/fecdec_filter.c
@@ -358,7 +358,7 @@ static ssize_t fecdec(char *buf, size_t len, struct filter_node *fn)
        ret = read_fec_header(buf, len, &h);
        if (ret <= 0)
                return ret;
        ret = read_fec_header(buf, len, &h);
        if (ret <= 0)
                return ret;

-       if (h.slice_bytes > fn->bufsize)
+       if (!h.slice_bytes || h.slice_bytes > fn->bufsize)

                return -E_BAD_SLICE_SIZE;
        if (h.slice_num > h.slices_per_group)
                return -E_BAD_SLICE_NUM;
                return -E_BAD_SLICE_SIZE;
        if (h.slice_num > h.slices_per_group)
                return -E_BAD_SLICE_NUM;