[vlc-devel] commit: Protected against NULL realloc from unbounded size (faad). ( Laurent Aimar )
git version control
git at videolan.org
Sat Oct 3 18:42:17 CEST 2009
vlc | branch: 1.0-bugfix | Laurent Aimar <fenrir at videolan.org> | Tue Sep 29 23:26:59 2009 +0200| [f329490cf006935194b4a450556cc6157e455527] | committer: Laurent Aimar
Protected against NULL realloc from unbounded size (faad).
(cherry picked from commit 7eadb126ddc6da488a96b48e015a03f9383753a1)
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=f329490cf006935194b4a450556cc6157e455527
---
modules/codec/faad.c | 13 +++++++++++--
1 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/modules/codec/faad.c b/modules/codec/faad.c
index e050a94..ae44675 100644
--- a/modules/codec/faad.c
+++ b/modules/codec/faad.c
@@ -233,8 +233,17 @@ static aout_buffer_t *DecodeBlock( decoder_t *p_dec, block_t **pp_block )
/* Append the block to the temporary buffer */
if( p_sys->i_buffer_size < p_sys->i_buffer + p_block->i_buffer )
{
- p_sys->i_buffer_size = p_sys->i_buffer + p_block->i_buffer;
- p_sys->p_buffer = realloc( p_sys->p_buffer, p_sys->i_buffer_size );
+ size_t i_buffer_size = p_sys->i_buffer + p_block->i_buffer;
+ uint8_t *p_buffer = realloc( p_sys->p_buffer, i_buffer_size );
+ if( p_buffer )
+ {
+ p_sys->i_buffer_size = i_buffer_size;
+ p_sys->p_buffer = p_buffer;
+ }
+ else
+ {
+ p_block->i_buffer = 0;
+ }
}
if( p_block->i_buffer > 0 )
More information about the vlc-devel
mailing list