From 7ed4ce91e8a4f9979ac92391c74fcca1459863d7 Mon Sep 17 00:00:00 2001
From: wm4
Date: Fri, 3 Jan 2014 00:34:15 +0100
Subject: bstr: check for overflow in buffer allocation

We're being a little bit lazy here and limit the max allocation to SIZE_MAX/2, which is practically infinite anyway on 64 bit systems.
---
 bstr/bstr.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/bstr/bstr.c b/bstr/bstr.c
index c0826625c0..aacbdc7dbc 100644
--- a/bstr/bstr.c
+++ b/bstr/bstr.c
@@ -20,6 +20,8 @@
 #include
 #include
 #include
+#include
+#include
 #include
@@ -348,6 +350,8 @@ static void resize_append(void *talloc_ctx, bstr *s, size_t append_min)
 if (append_min > size - s->len) {
 if (append_min < size)
 append_min = size; // preallocate in power of 2s
+ if (size >= SIZE_MAX / 2 || append_min >= SIZE_MAX / 2)
+ abort(); // oom
 s->start = talloc_realloc_size(talloc_ctx, s->start, size + append_min);
 }
 }
--
cgit v1.2.3
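Review bot: The added guard `if (size >= SIZE_MAX / 2 || append_min >= SIZE_MAX / 2)` covers only the `size + append_min` sum passed to `talloc_realloc_size`, and its `// oom` comment hides that it is an integer-overflow check; a comment such as `// size + append_min must not wrap size_t; both are capped at SIZE_MAX/2` would keep a later edit from loosening it. The enclosing test `append_min > size - s->len` still wraps if `s->len` ever exceeds `size`, and resize_append's body starts outside the hunk, so it is not visible whether that invariant is enforced in release builds or only by an assert. Any caller that builds `append_min` from an addition (for example a length plus a terminator) presumably needs its own wrap check, since a wrapped small value would pass this guard.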