From 54c48f18a1c448ffd136846fea9dafecc0ac8ae1 Mon Sep 17 00:00:00 2001
From: reimar <reimar@b3059339-0415-0410-9bf9-f77b7e298cf2>
Date: Sat, 29 Mar 2008 11:35:29 +0000
Subject: Fix possible integer overflow in malloc by using calloc instead.
 Should fix CVE-2008-0073 as far as MPlayer is affected by this problem.

git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@26299 b3059339-0415-0410-9bf9-f77b7e298cf2
---
 stream/realrtsp/sdpplin.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'stream')

diff --git a/stream/realrtsp/sdpplin.c b/stream/realrtsp/sdpplin.c
index dfab829cee..31514befeb 100644
--- a/stream/realrtsp/sdpplin.c
+++ b/stream/realrtsp/sdpplin.c
@@ -330,7 +330,8 @@ sdpplin_t *sdpplin_parse(char *data) {
     
     if(filter(data,"a=StreamCount:integer;",&buf)) {
       desc->stream_count=(unsigned int)atoi(buf);
-      desc->stream=malloc(sizeof(sdpplin_stream_t*)*desc->stream_count);
+      desc->stream=calloc(desc->stream_count, sizeof(sdpplin_stream_t*));
+      if (!desc->stream) desc->stream_count = 0;
       handled=1;
       data=nl(data);
     }
-- 
cgit v1.2.3