diff options
| author | reimar <reimar@b3059339-0415-0410-9bf9-f77b7e298cf2> | 2008-03-29 11:35:29 +0000 |
|---|---|---|
| committer | reimar <reimar@b3059339-0415-0410-9bf9-f77b7e298cf2> | 2008-03-29 11:35:29 +0000 |
| commit | 54c48f18a1c448ffd136846fea9dafecc0ac8ae1 (patch) | |
| tree | 0e0d9a1995fa33f9b01c1bb7c69ad521a3b94c4b /stream | |
| parent | 33dc71664e3687716307225fbcd1dcc2452ca170 (diff) | |
| download | mpv-54c48f18a1c448ffd136846fea9dafecc0ac8ae1.tar.bz2 mpv-54c48f18a1c448ffd136846fea9dafecc0ac8ae1.tar.xz | |
Fix possible integer overflow in malloc by using calloc instead.
Should fix CVE-2008-0073 as far as MPlayer is affected by this problem.
git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@26299 b3059339-0415-0410-9bf9-f77b7e298cf2
Diffstat (limited to 'stream')
| -rw-r--r-- | stream/realrtsp/sdpplin.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/stream/realrtsp/sdpplin.c b/stream/realrtsp/sdpplin.c index dfab829cee..31514befeb 100644 --- a/stream/realrtsp/sdpplin.c +++ b/stream/realrtsp/sdpplin.c @@ -330,7 +330,8 @@ sdpplin_t *sdpplin_parse(char *data) { if(filter(data,"a=StreamCount:integer;",&buf)) { desc->stream_count=(unsigned int)atoi(buf); - desc->stream=malloc(sizeof(sdpplin_stream_t*)*desc->stream_count); + desc->stream=calloc(desc->stream_count, sizeof(sdpplin_stream_t*)); + if (!desc->stream) desc->stream_count = 0; handled=1; data=nl(data); } |