[vlc-commits] Fixed a potential integer overflow in block_Alloc().
Laurent Aimar
git at videolan.org
Thu Jan 12 21:47:10 CET 2012
vlc | branch: master | Laurent Aimar <fenrir at videolan.org> | Thu Jan 12 21:23:25 2012 +0100| [64756cf2a5f704774c16f0842edc00044a062be0] | committer: Laurent Aimar
Fixed a potential integer overflow in block_Alloc().
When the integer overflow happens, the block_t returned will be smaller
than requested.
It partially fixes #5841.
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=64756cf2a5f704774c16f0842edc00044a062be0
---
src/misc/block.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)
diff --git a/src/misc/block.c b/src/misc/block.c
index 1d15e39..9cf832b 100644
--- a/src/misc/block.c
+++ b/src/misc/block.c
@@ -106,13 +106,14 @@ block_t *block_Alloc( size_t i_size )
*/
block_sys_t *p_sys;
uint8_t *buf;
-
#define ALIGN(x) (((x) + BLOCK_ALIGN - 1) & ~(BLOCK_ALIGN - 1))
#if 0 /*def HAVE_POSIX_MEMALIGN */
/* posix_memalign(,16,) is much slower than malloc() on glibc.
* -- Courmisch, September 2009, glibc 2.5 & 2.9 */
const size_t i_alloc = ALIGN(sizeof(*p_sys)) + (2 * BLOCK_PADDING)
+ ALIGN(i_size);
+ if( unlikely(i_alloc <= i_size) )
+ return NULL;
void *ptr;
if( posix_memalign( &ptr, BLOCK_ALIGN, i_alloc ) )
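Review bot: the added `if( unlikely(i_alloc <= i_size) )` check sits inside the `#if 0 /*def HAVE_POSIX_MEMALIGN */` branch, so it is never compiled or exercised. It is reasonable to keep the two branches in step, but it is worth saying in the commit message that only the `#else` path changes behaviour. The hunk also removes the blank line before `#define ALIGN(x)`, a whitespace change unrelated to the fix that would be better left out of a security patch.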
@@ -124,6 +125,9 @@ block_t *block_Alloc( size_t i_size )
#else
const size_t i_alloc = sizeof(*p_sys) + BLOCK_ALIGN + (2 * BLOCK_PADDING)
+ ALIGN(i_size);
+ if( unlikely(i_alloc <= i_size) )
+ return NULL;
+
p_sys = malloc( i_alloc );
if( p_sys == NULL )
return NULL;
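Review bot: the test `i_alloc <= i_size` runs after the sum has already been computed, so it detects the wrap after the fact, and nothing in the hunk explains why that comparison is sufficient. It works because `i_alloc` always includes a non-zero fixed overhead (`sizeof(*p_sys) + BLOCK_ALIGN + (2 * BLOCK_PADDING)`), so a sum that has not wrapped is strictly greater than `i_size`. That reasoning also covers the case where `ALIGN(i_size)` itself wraps, provided the overhead stays small compared with the range of `size_t`. A short comment stating this, or an explicit upper bound on `i_size` checked before the addition, would make the intent clear to the next reader. Note also that the overflow case now returns NULL exactly like a failed `malloc()`, so the fix only holds for callers that check the return value of `block_Alloc()`, which fits the commit message's "partially fixes".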