[vlc-commits] memstream: handle overflow

Rémi Denis-Courmont git at videolan.org
Tue Jul 16 21:49:35 CEST 2019


vlc | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Tue Jul 16 22:49:20 2019 +0300| [ed7707caffbde23921dedc545694f5d56dd8b877] | committer: Rémi Denis-Courmont

memstream: handle overflow

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=ed7707caffbde23921dedc545694f5d56dd8b877
---

 src/text/memstream.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/text/memstream.c b/src/text/memstream.c
index 292b3d602f..5b7e3ac4d0 100644
--- a/src/text/memstream.c
+++ b/src/text/memstream.c
@@ -165,15 +165,18 @@ int vlc_memstream_vprintf(struct vlc_memstream *ms, const char *fmt,
     va_list ap;
     char *ptr;
     int len;
+    size_t newlen;
 
     va_copy(ap, args);
     len = vsnprintf(NULL, 0, fmt, ap);
     va_end(ap);
 
-    if (len < 0)
+    if (len < 0
+     || unlikely(add_overflow(ms->length, len, &newlen))
+     || unlikely(add_overflow(newlen, 1, &newlen)))
         goto error;
 
-    ptr = realloc(ms->ptr, ms->length + len + 1);
+    ptr = realloc(ms->ptr, newlen);
     if (ptr == NULL)
         goto error;
 
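Review bot: The new condition is only correct because `len < 0` is tested first and short-circuits the two `add_overflow()` calls; `len` is an `int` while `ms->length` and `newlen` are sizes, so reordering the `||` operands later would let a negative `len` reach the size computation. A short comment on the condition would help: say that the order matters and that `add_overflow(newlen, 1, &newlen)` accounts for the terminating NUL that the old `ms->length + len + 1` expression covered. That second call also passes `newlen` as both an operand and the result pointer, which is fine as long as `add_overflow` reads its operands before storing the result; the helper is not part of this hunk, so that is worth confirming for any non-builtin fallback. The commit message could also name the overflow being handled, namely the size passed to `realloc`.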