[vlc-commits] XSPF: fix realloc() integer overflow

Rémi Denis-Courmont git at videolan.org
Sat Jun 4 16:01:19 CEST 2011


vlc | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Sat Jun  4 16:59:48 2011 +0300| [cd929923ff49175a501bb3e9553a683bc42ff61c] | committer: Rémi Denis-Courmont

XSPF: fix realloc() integer overflow

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=cd929923ff49175a501bb3e9553a683bc42ff61c
---

 modules/demux/playlist/xspf.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/modules/demux/playlist/xspf.c b/modules/demux/playlist/xspf.c
index 9a07650..464286e 100644
--- a/modules/demux/playlist/xspf.c
+++ b/modules/demux/playlist/xspf.c
@@ -427,7 +427,8 @@ static bool parse_track_node COMPLEX_INTERFACE
                     else
                         free( psz_uri );
 
-                    if( p_sys->i_track_id < 0 )
+                    if( p_sys->i_track_id < 0
+                     || p_sys->i_track_id >= (SIZE_MAX / sizeof(p_new_input)) )
                     {
                         input_item_node_AppendNode( p_input_node, p_new_node );
                         vlc_gc_decref( p_new_input );
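Review bot: the bound added on the `|| p_sys->i_track_id >= (SIZE_MAX / sizeof(p_new_input))` line takes its element size from the local variable `p_new_input`, not from the array that the realloc() named in the subject line grows. That realloc() is outside this hunk, so it cannot be confirmed from here that the two sizes match, or that the allocation is for at most `i_track_id + 1` elements, which is what the `>=` implies. I would write the bound in terms of the array being resized (sizeof of its element) so the check and the allocation cannot drift apart. A one-line comment would also help, saying that an out-of-range track id is deliberately routed into the same branch as a negative one (`input_item_node_AppendNode` followed by `vlc_gc_decref`). Separately, this check only prevents the size computation from wrapping. An id just below the limit still passes, so if the id comes from the playlist file, an explicit upper cap on it may be worth adding.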


