[vlc-commits] Fixed a potential integer overflow in block_Alloc().

Laurent Aimar git at videolan.org
Thu Jan 12 23:02:56 CET 2012


vlc/vlc-1.2 | branch: master | Laurent Aimar <fenrir at videolan.org> | Thu Jan 12 21:23:25 2012 +0100| [81a54d65d27ed6a5c1c944857982110932b0985e] | committer: Jean-Baptiste Kempf

Fixed a potential integer overflow in block_Alloc().

When the integer overflow happens, the block_t returned will be smaller
than requested.
It partially fixes #5841.
(cherry picked from commit 64756cf2a5f704774c16f0842edc00044a062be0)

Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>

> http://git.videolan.org/gitweb.cgi/vlc/vlc-1.2.git/?a=commit;h=81a54d65d27ed6a5c1c944857982110932b0985e
---

 src/misc/block.c |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/src/misc/block.c b/src/misc/block.c
index 1d15e39..9cf832b 100644
--- a/src/misc/block.c
+++ b/src/misc/block.c
@@ -106,13 +106,14 @@ block_t *block_Alloc( size_t i_size )
      */
     block_sys_t *p_sys;
     uint8_t *buf;
-
 #define ALIGN(x) (((x) + BLOCK_ALIGN - 1) & ~(BLOCK_ALIGN - 1))
 #if 0 /*def HAVE_POSIX_MEMALIGN */
     /* posix_memalign(,16,) is much slower than malloc() on glibc.
      * -- Courmisch, September 2009, glibc 2.5 & 2.9 */
     const size_t i_alloc = ALIGN(sizeof(*p_sys)) + (2 * BLOCK_PADDING)
                          + ALIGN(i_size);
+    if( unlikely(i_alloc <= i_size) )
+        return NULL;
     void *ptr;
 
     if( posix_memalign( &ptr, BLOCK_ALIGN, i_alloc ) )
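Review bot: The guard `if( unlikely(i_alloc <= i_size) ) return NULL;` only works because the `size_t` sum for `i_alloc` has already wrapped by the time it is tested, which is valid for unsigned arithmetic but easy to misread as an ordinary size comparison. The same check is added in the `#else` branch in the second hunk, and that is the copy that is actually compiled, since this branch sits under `#if 0`. I would add a comment at both sites, for example `/* i_alloc is i_size rounded up plus header and padding; if it is not larger than i_size, the size_t sum wrapped */`. The overflow case now returns NULL just like an allocation failure, so the fix depends on block_Alloc's callers checking for NULL, and those callers are outside this diff. block_Alloc's body starts before and continues after both hunks.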
@@ -124,6 +125,9 @@ block_t *block_Alloc( size_t i_size )
 #else
     const size_t i_alloc = sizeof(*p_sys) + BLOCK_ALIGN + (2 * BLOCK_PADDING)
                          + ALIGN(i_size);
+    if( unlikely(i_alloc <= i_size) )
+        return NULL;
+
     p_sys = malloc( i_alloc );
     if( p_sys == NULL )
         return NULL;


