From 8cb05d63c484e67d46d036b8684eca7d96daff43 Mon Sep 17 00:00:00 2001
From: Joachim Breuer <git@jmbreuer.net>
Date: Sat, 13 Jul 2013 11:03:21 +0200
Subject: Fix iso9660::ReadFile() to no longer read one sector past file size

---
 xbmc/filesystem/iso9660.cpp | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/xbmc/filesystem/iso9660.cpp b/xbmc/filesystem/iso9660.cpp
index 5099b01f83..c45e606a6f 100644
--- a/xbmc/filesystem/iso9660.cpp
+++ b/xbmc/filesystem/iso9660.cpp
@@ -902,15 +902,13 @@ long iso9660::ReadFile(HANDLE hFile, uint8_t *pBuffer, long lSize)
   if ( pContext->m_bUseMode2 )
     sectorSize = MODE2_DATA_SIZE;
 
-  while (lSize > 0 && pContext->m_dwFilePos <= pContext->m_dwFileSize)
+  while (lSize > 0 && pContext->m_dwFilePos + sectorSize <= pContext->m_dwFileSize)
   {
     pContext->m_dwCurrentBlock = (DWORD) (pContext->m_dwFilePos / sectorSize);
     int64_t iOffsetInBuffer = pContext->m_dwFilePos - (sectorSize * pContext->m_dwCurrentBlock);
     pContext->m_dwCurrentBlock += pContext->m_dwStartBlock;
 
-    //char szBuf[256];
-    //sprintf(szBuf,"pos:%i cblk:%i sblk:%i off:%i",(long)m_dwFilePos, (long)m_dwCurrentBlock,(long)m_dwStartBlock,(long)iOffsetInBuffer);
-    //DBG(szBuf);
+    // CLog::Log(LOGDEBUG, "pos:%li cblk:%li sblk:%li off:%li",(long)pContext->m_dwFilePos, (long)pContext->m_dwCurrentBlock,(long)pContext->m_dwStartBlock,(long)iOffsetInBuffer);
 
     uint8_t* pSector;
     bError = !ReadSectorFromCache(pContext, pContext->m_dwCurrentBlock, &pSector);
-- 
cgit v1.2.3


From 6c3aa00afb860a2dbeb1cc8d0edc8932c64a5bd2 Mon Sep 17 00:00:00 2001
From: Joachim Breuer <git@jmbreuer.net>
Date: Sat, 13 Jul 2013 13:34:07 +0200
Subject: Proper fix: Limit to file size

---
 xbmc/filesystem/iso9660.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xbmc/filesystem/iso9660.cpp b/xbmc/filesystem/iso9660.cpp
index c45e606a6f..e04be21b32 100644
--- a/xbmc/filesystem/iso9660.cpp
+++ b/xbmc/filesystem/iso9660.cpp
@@ -902,7 +902,7 @@ long iso9660::ReadFile(HANDLE hFile, uint8_t *pBuffer, long lSize)
   if ( pContext->m_bUseMode2 )
     sectorSize = MODE2_DATA_SIZE;
 
-  while (lSize > 0 && pContext->m_dwFilePos + sectorSize <= pContext->m_dwFileSize)
+  while (lSize > 0 && pContext->m_dwFilePos < pContext->m_dwFileSize)
   {
     pContext->m_dwCurrentBlock = (DWORD) (pContext->m_dwFilePos / sectorSize);
     int64_t iOffsetInBuffer = pContext->m_dwFilePos - (sectorSize * pContext->m_dwCurrentBlock);
-- 
cgit v1.2.3