load_afd(): Double check shared memory sizes.

The shared memory ID is sent by a trusted source, so it is a programming error
(rather than a runtime error that could be handled) if the size of the shared
memory area is smaller than the size of an audio file data structure. Thus,
the right thing to do is to abort immediately in this case.

diff --git a/aft.c b/aft.c
index 01cbb96d63ba13a796cba553e1e4fccd2ea4e939..132f511940c6af0961fd9ca59087150df98b4b26 100644 (file)
--- a/aft.c
+++ b/aft.c
@@ -632,15 +632,18 @@ err:
 }
 
 /**
- * Extract a afd stored in a shared memory area.
+ * Extract an audio file data structure from a shared memory area.
  *
- * Attach the shared memory area given by \a shmid, load the audio file data
- * stored therein and detach the area afterwards.  Called by vss, after
- * receiving a positive response to the request for the next audio file.
- +
- * \param shmid The identifier of the shared memory area containing the afd.
+ * This is called by the virtual streaming system each time a new audio file
+ * is about to be streamed.
+ *
+ * \param shmid Identifies a serialized version of the audio file data.
  * \param afd Result pointer.
  *
+ * Attach the shared memory area and populate the fields of the audio file
+ * data structure from the contents of the area, allocating the necessary
+ * memory on the heap. Then detach the area.
+ *
  * \return Standard.
  */
 int load_afd(int shmid, struct audio_file_data *afd)
@@ -655,6 +658,7 @@ int load_afd(int shmid, struct audio_file_data *afd)
        ret = shm_size(shmid, &obj.size);
        if (ret < 0)
                goto detach;
+       assert(obj.size >= sizeof(*afd));
        *afd = *(struct audio_file_data *)shm_afd;
        obj.data = shm_afd + sizeof(*afd);
        obj.size -= sizeof(*afd);