Fix potential integer overflows in memory allocation.

Patch by Rich and me git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@18559 b3059339-0415-0410-9bf9-f77b7e298cf2
author: rtogni <rtogni@b3059339-0415-0410-9bf9-f77b7e298cf2> 2006-06-04 22:41:27 +0000
committer: rtogni <rtogni@b3059339-0415-0410-9bf9-f77b7e298cf2> 2006-06-04 22:41:27 +0000
commit: 9da93175794398fefeb45c6c53abdcdeda325101 (patch)
tree: 1dad782a7785b845d9bfc950631e91c01369154b /libmpdemux/cookies.c
parent: b4ddc383ef4e4d537417999e390ab90631e7b6aa (diff)
download: mpv-9da93175794398fefeb45c6c53abdcdeda325101.tar.bz2
mpv-9da93175794398fefeb45c6c53abdcdeda325101.tar.xz
1 files changed, 6 insertions, 0 deletions
diff --git a/libmpdemux/cookies.c b/libmpdemux/cookies.c
index 65745872d2..3a828f8d5e 100644
--- a/libmpdemux/cookies.c
+++ b/libmpdemux/cookies.c
@@ -12,6 +12,7 @@
 #include <unistd.h>
 #include <sys/types.h>
 #include <dirent.h>
+#include <inttypes.h>
 
 #include "cookies.h"
 #include "http.h"
@@ -110,6 +111,11 @@ static char *load_file(const char *filename, off_t * length)
 	return NULL;
     }
 
+    if (*length > SIZE_MAX - 1) {
+	mp_msg(MSGT_NETWORK, MSGL_V, "File too big, could not malloc.");
+	return NULL;
+    }
+
     lseek(fd, SEEK_SET, 0);
 
     if (!(buffer = malloc(*length + 1))) {
author	rtogni <rtogni@b3059339-0415-0410-9bf9-f77b7e298cf2>	2006-06-04 22:41:27 +0000
committer	rtogni <rtogni@b3059339-0415-0410-9bf9-f77b7e298cf2>	2006-06-04 22:41:27 +0000
commit	9da93175794398fefeb45c6c53abdcdeda325101 (patch)
tree	1dad782a7785b845d9bfc950631e91c01369154b /libmpdemux/cookies.c
parent	b4ddc383ef4e4d537417999e390ab90631e7b6aa (diff)
download	mpv-9da93175794398fefeb45c6c53abdcdeda325101.tar.bz2 mpv-9da93175794398fefeb45c6c53abdcdeda325101.tar.xz