From 7b04787fc151bc591f142cb45779d68d6827a70f Mon Sep 17 00:00:00 2001
From: chme <christian.meffert@googlemail.com>
Date: Sun, 10 Dec 2017 09:31:00 +0100
Subject: [PATCH] [mpd] Check upper bound for sticker 'rating'

---
 src/db.h  | 2 ++
 src/mpd.c | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/src/db.h b/src/db.h
index f6ff7343..a92a2459 100644
--- a/src/db.h
+++ b/src/db.h
@@ -72,6 +72,8 @@ enum query_type {
 #define DB_ADMIN_LASTFM_SESSION_KEY "lastfm_sk"
 #define DB_ADMIN_SPOTIFY_REFRESH_TOKEN "spotify_refresh_token"
 
+#define DB_FILES_RATING_MAX 100
+
 struct query_params {
   /* Query parameters, filled in by caller */
   enum query_type type;
diff --git a/src/mpd.c b/src/mpd.c
index f7f01ac1..fe4dc8a9 100644
--- a/src/mpd.c
+++ b/src/mpd.c
@@ -3301,6 +3301,12 @@ mpd_sticker_set(struct evbuffer *evbuf, int argc, char **argv, char **errmsg, co
     }
 
   rating *= MPD_RATING_FACTOR;
+  if (rating > DB_FILES_RATING_MAX)
+    {
+      *errmsg = safe_asprintf("rating '%s' is greater than maximum value allowed", argv[5], (DB_FILES_RATING_MAX / MPD_RATING_FACTOR));
+      return ACK_ERROR_ARG;
+    }
+
   ret = db_file_rating_update_byvirtualpath(virtual_path, rating);
   if (ret <= 0)
     {