Fix potential integer overflows in memory allocation.

Patch by Rich and me git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@18559 b3059339-0415-0410-9bf9-f77b7e298cf2
author: rtogni <rtogni@b3059339-0415-0410-9bf9-f77b7e298cf2> 2006-06-04 22:41:27 +0000
committer: rtogni <rtogni@b3059339-0415-0410-9bf9-f77b7e298cf2> 2006-06-04 22:41:27 +0000
commit: 9da93175794398fefeb45c6c53abdcdeda325101 (patch)
tree: 1dad782a7785b845d9bfc950631e91c01369154b /libmpdemux/asf_streaming.c
parent: b4ddc383ef4e4d537417999e390ab90631e7b6aa (diff)
download: mpv-9da93175794398fefeb45c6c53abdcdeda325101.tar.bz2
mpv-9da93175794398fefeb45c6c53abdcdeda325101.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/libmpdemux/asf_streaming.c b/libmpdemux/asf_streaming.c
index 2ddfbecc14..85c92214dc 100644
--- a/libmpdemux/asf_streaming.c
+++ b/libmpdemux/asf_streaming.c
@@ -194,6 +194,8 @@ static int asf_streaming_parse_header(int fd, streaming_ctrl_t* streaming_ctrl)
 	    return -1;
 	  }
 	  
+	  // audit: do not overflow buffer_size
+	  if (size > SIZE_MAX - buffer_size) return -1;
 	  buffer = (char*) malloc(size+buffer_size);
 	  if(buffer == NULL) {
 	    mp_msg(MSGT_NETWORK,MSGL_FATAL,MSGTR_MPDEMUX_ASF_BufferMallocFailed,size+buffer_size);
author	rtogni <rtogni@b3059339-0415-0410-9bf9-f77b7e298cf2>	2006-06-04 22:41:27 +0000
committer	rtogni <rtogni@b3059339-0415-0410-9bf9-f77b7e298cf2>	2006-06-04 22:41:27 +0000
commit	9da93175794398fefeb45c6c53abdcdeda325101 (patch)
tree	1dad782a7785b845d9bfc950631e91c01369154b /libmpdemux/asf_streaming.c
parent	b4ddc383ef4e4d537417999e390ab90631e7b6aa (diff)
download	mpv-9da93175794398fefeb45c6c53abdcdeda325101.tar.bz2 mpv-9da93175794398fefeb45c6c53abdcdeda325101.tar.xz