diff options
author | rtogni <rtogni@b3059339-0415-0410-9bf9-f77b7e298cf2> | 2006-06-04 22:41:27 +0000 |
---|---|---|
committer | rtogni <rtogni@b3059339-0415-0410-9bf9-f77b7e298cf2> | 2006-06-04 22:41:27 +0000 |
commit | 9da93175794398fefeb45c6c53abdcdeda325101 (patch) | |
tree | 1dad782a7785b845d9bfc950631e91c01369154b /libmpdemux/asf_streaming.c | |
parent | b4ddc383ef4e4d537417999e390ab90631e7b6aa (diff) | |
download | mpv-9da93175794398fefeb45c6c53abdcdeda325101.tar.bz2 mpv-9da93175794398fefeb45c6c53abdcdeda325101.tar.xz |
Fix potential integer overflows in memory allocation.
Patch by Rich and me
git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@18559 b3059339-0415-0410-9bf9-f77b7e298cf2
Diffstat (limited to 'libmpdemux/asf_streaming.c')
-rw-r--r-- | libmpdemux/asf_streaming.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/libmpdemux/asf_streaming.c b/libmpdemux/asf_streaming.c index 2ddfbecc14..85c92214dc 100644 --- a/libmpdemux/asf_streaming.c +++ b/libmpdemux/asf_streaming.c @@ -194,6 +194,8 @@ static int asf_streaming_parse_header(int fd, streaming_ctrl_t* streaming_ctrl) return -1; } + // audit: do not overflow buffer_size + if (size > SIZE_MAX - buffer_size) return -1; buffer = (char*) malloc(size+buffer_size); if(buffer == NULL) { mp_msg(MSGT_NETWORK,MSGL_FATAL,MSGTR_MPDEMUX_ASF_BufferMallocFailed,size+buffer_size); |