authorrtogni <rtogni@b3059339-0415-0410-9bf9-f77b7e298cf2>2006-06-04 22:41:27 +0000
committerrtogni <rtogni@b3059339-0415-0410-9bf9-f77b7e298cf2>2006-06-04 22:41:27 +0000
commit9da93175794398fefeb45c6c53abdcdeda325101 (patch)
tree1dad782a7785b845d9bfc950631e91c01369154b /libmpdemux/demux_mkv.c
parentb4ddc383ef4e4d537417999e390ab90631e7b6aa (diff)
Fix potential integer overflows in memory allocation.
Patch by Rich and me git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@18559 b3059339-0415-0410-9bf9-f77b7e298cf2
Diffstat (limited to 'libmpdemux/demux_mkv.c')
-rw-r--r--libmpdemux/demux_mkv.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/libmpdemux/demux_mkv.c b/libmpdemux/demux_mkv.c
index d55f886ce5..bc9bfa2731 100644
--- a/libmpdemux/demux_mkv.c
+++ b/libmpdemux/demux_mkv.c
@@ -11,6 +11,7 @@
#include <stdlib.h>
#include <stdio.h>
#include <ctype.h>
+#include <inttypes.h>
#include "stream.h"
#include "demuxer.h"
@@ -1083,6 +1084,8 @@ demux_mkv_read_trackentry (demuxer_t *demuxer)
{
int x;
uint64_t num = ebml_read_length (s, &x);
+ // audit: cheap guard against overflows later..
+ if (num > SIZE_MAX - 1000) return 0;
l = x + num;
track->private_data = malloc (num);
if (stream_read(s, track->private_data, num) != (int) num)
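Review bot: The added guard in demux_mkv_read_trackentry only rejects lengths within 1000 of SIZE_MAX, so a file-supplied `num` that is merely very large still reaches `malloc (num)`, and the result is handed to stream_read() without a NULL check. On a 64-bit build almost every length passes the guard, and the `(int) num` comparison suggests stream_read() takes an int length, so values above INT_MAX would presumably be truncated as well. A bound tied to what the read can actually handle, plus an allocation check, would cover both: `if (num > INT_MAX) return 0;` (needs `<limits.h>` if it is not already included) and, right after the malloc, `if (!track->private_data) return 0;`. The function starts and ends outside the hunk, so whether returning 0 at this point leaks the partially built track cannot be confirmed from these lines.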