fixed 2 crashes (AFL)

author: Marcus Meissner <marcus@jet.franken.de> 2019-06-16 13:26:38 +0200
committer: Marcus Meissner <marcus@jet.franken.de> 2019-06-16 13:26:38 +0200
commit: 1ab8f2c2e87fef370e019dfa54107c2c488d68c7 (patch)
tree: f86373580970b53f329fcb222a966592334befb4 /camlibs/spca50x
parent: 94a45522d96e6292b291385fe284cbfdaa8f6900 (diff)
download: libgphoto2-1ab8f2c2e87fef370e019dfa54107c2c488d68c7.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/camlibs/spca50x/spca50x-sdram.c b/camlibs/spca50x/spca50x-sdram.c
index 3b87347c7..2e0b19bd0 100644
--- a/camlibs/spca50x/spca50x-sdram.c
+++ b/camlibs/spca50x/spca50x-sdram.c
@@ -719,6 +719,10 @@ spca50x_sdram_get_info (CameraPrivateLibrary * lib)
 		CHECK (spca50x_get_FATs (lib, dramtype));
 
 		index = lib->files[lib->num_files_on_sdram - 1].fat_end;
+		if (index >= lib->num_fats) {
+			gp_log(GP_LOG_ERROR, "spca50x", "%d exceeds num_fats %d", index, lib->num_fats);
+			return GP_ERROR;
+		}
 		p = lib->fats + SPCA50X_FAT_PAGE_SIZE * index;
 		/* p now points to the fat of the last image of the last file */
 
@@ -906,6 +910,8 @@ spca50x_get_FATs (CameraPrivateLibrary * lib, int dramtype)
 		 * gets its own fat table with a sequence number at p[18]. */
 		if ((type == 0x80) || (type == 0x03 && (p[18] != 0x00))) {
 			/* continuation of an avi */
+			if (!file_index)
+				return GP_ERROR;
 			lib->files[file_index - 1].fat_end = index;
 		} else {
 			/* its an image */
author	Marcus Meissner <marcus@jet.franken.de>	2019-06-16 13:26:38 +0200
committer	Marcus Meissner <marcus@jet.franken.de>	2019-06-16 13:26:38 +0200
commit	1ab8f2c2e87fef370e019dfa54107c2c488d68c7 (patch)
tree	f86373580970b53f329fcb222a966592334befb4 /camlibs/spca50x
parent	94a45522d96e6292b291385fe284cbfdaa8f6900 (diff)
download	libgphoto2-1ab8f2c2e87fef370e019dfa54107c2c488d68c7.tar.gz