From 9da93175794398fefeb45c6c53abdcdeda325101 Mon Sep 17 00:00:00 2001
From: rtogni
Date: Sun, 4 Jun 2006 22:41:27 +0000
Subject: Fix potential integer overflows in memory allocation. Patch by Rich and me
git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@18559 b3059339-0415-0410-9bf9-f77b7e298cf2
---
 libmpdemux/demux_mkv.c | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'libmpdemux/demux_mkv.c')
diff --git a/libmpdemux/demux_mkv.c b/libmpdemux/demux_mkv.c
index d55f886ce5..bc9bfa2731 100644
--- a/libmpdemux/demux_mkv.c
+++ b/libmpdemux/demux_mkv.c
@@ -11,6 +11,7 @@
 #include
 #include
 #include
+#include
 #include "stream.h"
 #include "demuxer.h"
@@ -1083,6 +1084,8 @@ demux_mkv_read_trackentry (demuxer_t *demuxer)
 {
 int x;
 uint64_t num = ebml_read_length (s, &x);
+ // audit: cheap guard against overflows later..
+ if (num > SIZE_MAX - 1000) return 0;
 l = x + num;
 track->private_data = malloc (num);
 if (stream_read(s, track->private_data, num) != (int) num)
-- 
cgit v1.2.3
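Review bot: The added guard `if (num > SIZE_MAX - 1000) return 0;` in the second hunk only keeps `num` from wrapping in later size arithmetic; a length read from the file can still request almost any allocation, and the result of `malloc (num)` two lines below is handed to `stream_read` without a NULL check. Because the read result is compared against `(int) num`, any `num` above `INT_MAX` is also truncated in that comparison, and presumably in the length `stream_read` receives, though its prototype is outside the hunk. A tighter bound such as `if (num > INT_MAX) return 0;` (needs `<limits.h>`) together with `if (!track->private_data) return 0;` after the allocation would cover both cases. The body of demux_mkv_read_trackentry starts and ends outside the hunk, so it should be checked whether the early `return 0` releases what was allocated before this point, and the constant 1000 deserves a comment naming the later addition it leaves room for.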