ret=fwrite(buffer, 1, bufSize, newfile);
if(ret != bufSize) {
perror("Can't write to tmp file");
+ fclose(newfile);
return NULL;
}
}
memcpy(tmpBuf,oleBuf+0x4c,MSAT_ORIG_SIZE);
mblock=getlong(oleBuf,0x44);
msat_size=getlong(oleBuf,0x48);
- if (msat_size * sectorSize)
+ if (msat_size * sectorSize > fileLength) {
+ free(tmpBuf);
+ return NULL;
+ }
+
/* fprintf(stderr, "msat_size=%ld\n", msat_size); */
i=0;
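Review bot: The added bound check `msat_size * sectorSize > fileLength` can still be satisfied by a crafted header, because `msat_size` comes straight from the file via `getlong(oleBuf,0x48)` and the product can wrap, or be negative if these variables are signed (their declarations are not visible here), before the comparison happens. Comparing by division avoids the overflow and rejects nonsensical values up front: `if (msat_size < 0 || sectorSize <= 0 || msat_size > fileLength / sectorSize) {`. This new error path also releases only `tmpBuf`. If it sits in the same function as the write-failure path above, which now calls `fclose(newfile)`, then the stream and `oleBuf` presumably need releasing here as well. Confirm that against the full function, which starts and ends outside the visible lines.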