[vlc-commits] XSPF: fix realloc() integer overflow
Rémi Denis-Courmont
git at videolan.org
Sat Jun 4 16:05:33 CEST 2011
vlc/vlc-1.1 | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Sat Jun 4 16:59:48 2011 +0300| [74d34b63fdda947c4e92f19e43cac0c51aabc4d7] | committer: Rémi Denis-Courmont
XSPF: fix realloc() integer overflow
(cherry picked from commit cd929923ff49175a501bb3e9553a683bc42ff61c)
> http://git.videolan.org/gitweb.cgi/vlc/vlc-1.1.git/?a=commit;h=74d34b63fdda947c4e92f19e43cac0c51aabc4d7
---
modules/demux/playlist/xspf.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/modules/demux/playlist/xspf.c b/modules/demux/playlist/xspf.c
index 01293e2..7761434 100644
--- a/modules/demux/playlist/xspf.c
+++ b/modules/demux/playlist/xspf.c
@@ -504,7 +504,8 @@ static bool parse_track_node COMPLEX_INTERFACE
}
free( psz_uri );
- if( p_sys->i_track_id < 0 )
+ if( p_sys->i_track_id < 0
+ || p_sys->i_track_id >= (SIZE_MAX / sizeof(p_new_input)) )
{
input_item_node_AppendNode( p_input_node, p_new_node );
vlc_gc_decref( p_new_input );
More information about the vlc-commits
mailing list