diff options
author | wm4 <wm4@nowhere> | 2014-01-03 00:34:15 +0100 |
---|---|---|
committer | wm4 <wm4@nowhere> | 2014-01-03 00:34:15 +0100 |
commit | 7ed4ce91e8a4f9979ac92391c74fcca1459863d7 (patch) | |
tree | 2cbcd8394c79fdcc9ad8efb82a0473dc00bafa10 /bstr/bstr.c | |
parent | 2cad237f8bea862923bf9e7e2d7c55544f6248e0 (diff) | |
download | mpv-7ed4ce91e8a4f9979ac92391c74fcca1459863d7.tar.bz2 mpv-7ed4ce91e8a4f9979ac92391c74fcca1459863d7.tar.xz |
bstr: check for overflow in buffer allocation
We're being a little bit lazy here and limit the max allocation to
SIZE_MAX/2, which is practically infinite anyway on 64 bit systems.
Diffstat (limited to 'bstr/bstr.c')
-rw-r--r-- | bstr/bstr.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/bstr/bstr.c b/bstr/bstr.c index c0826625c0..aacbdc7dbc 100644 --- a/bstr/bstr.c +++ b/bstr/bstr.c @@ -20,6 +20,8 @@ #include <assert.h> #include <ctype.h> #include <stdarg.h> +#include <stdint.h> +#include <stdlib.h> #include <libavutil/common.h> @@ -348,6 +350,8 @@ static void resize_append(void *talloc_ctx, bstr *s, size_t append_min) if (append_min > size - s->len) { if (append_min < size) append_min = size; // preallocate in power of 2s + if (size >= SIZE_MAX / 2 || append_min >= SIZE_MAX / 2) + abort(); // oom s->start = talloc_realloc_size(talloc_ctx, s->start, size + append_min); } } |