[libbluray-devel] Fix integer overflow
hpi1
git at videolan.org
Mon Feb 20 18:28:53 CET 2017
libbluray | branch: master | hpi1 <hpi1 at anonymous.org> | Mon Feb 20 10:49:37 2017 +0200| [9188e5e6149b0c25d6ad85fb461b55378c65ee42] | committer: hpi1
Fix integer overflow
> http://git.videolan.org/gitweb.cgi/libbluray.git/?a=commit;h=9188e5e6149b0c25d6ad85fb461b55378c65ee42
---
src/libbluray/bdnav/clpi_parse.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/libbluray/bdnav/clpi_parse.c b/src/libbluray/bdnav/clpi_parse.c
index ff9082a..cb19194 100644
--- a/src/libbluray/bdnav/clpi_parse.c
+++ b/src/libbluray/bdnav/clpi_parse.c
@@ -635,8 +635,12 @@ _parse_extent_start_points(BITSTREAM *bits, CLPI_EXTENT_START *es)
bs_skip(bits, 32); // length
es->num_point = bs_read(bits, 32);
- es->point = malloc(es->num_point * sizeof(uint32_t));
-
+ es->point = calloc(es->num_point, sizeof(uint32_t));
+ if (es->num_point && !es->point) {
+ es->num_point = 0;
+ BD_DEBUG(DBG_CRIT, "out of memory\n");
+ return 0;
+ }
for (ii = 0; ii < es->num_point; ii++) {
es->point[ii] = bs_read(bits, 32);
}
More information about the libbluray-devel
mailing list