diff options
author | Uoti Urpala <uau@glyph.nonexistent.invalid> | 2011-01-17 16:16:39 +0200 |
---|---|---|
committer | Uoti Urpala <uau@glyph.nonexistent.invalid> | 2011-01-17 16:16:39 +0200 |
commit | 757e43c3f863453e5d17e4201c7c9ae2a58c5844 (patch) | |
tree | 81b6481f0df577dbacfb6b9feca2fca377e912d8 /libmpdemux/demuxer.h | |
parent | e342a81d6f5d13b83753050af79feab4fd702925 (diff) | |
download | mpv-757e43c3f863453e5d17e4201c7c9ae2a58c5844.tar.bz2 mpv-757e43c3f863453e5d17e4201c7c9ae2a58c5844.tar.xz |
demux: add sanity checks to packet allocation functions
Change new_demux_packet() and resize_demux_packet() length parameter
type from int to size_t and add a check to abort() if the size is over
1 GB. This should make integer overflow problems leading to memory
corruption in demuxers less likely; and aborting should be no worse
than insane memory consumption. Also make the functions abort() if the
actual allocation fails instead of trying to continue with a
zero-sized buffer.
Diffstat (limited to 'libmpdemux/demuxer.h')
-rw-r--r-- | libmpdemux/demuxer.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libmpdemux/demuxer.h b/libmpdemux/demuxer.h index 3a7a6157c2..742e42aa74 100644 --- a/libmpdemux/demuxer.h +++ b/libmpdemux/demuxer.h @@ -286,8 +286,8 @@ typedef struct { int aid, vid, sid; //audio, video and subtitle id } demux_program_t; -struct demux_packet *new_demux_packet(int len); -void resize_demux_packet(struct demux_packet *dp, int len); +struct demux_packet *new_demux_packet(size_t len); +void resize_demux_packet(struct demux_packet *dp, size_t len); struct demux_packet *clone_demux_packet(struct demux_packet *pack); void free_demux_packet(struct demux_packet *dp); |