Mercurial > mplayer.hg

changeset 37044:50ba718698ea

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
xvid_vbr: Sanity-check parsed variable before using it to malloc.
author reimar
date Sun, 06 Apr 2014 19:08:01 +0000
parents 43a8e37a3dcf
children f63de2684d5a
files xvid_vbr.c
diffstat 1 files changed, 3 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/xvid_vbr.c	Sun Apr 06 18:53:46 2014 +0000
+++ b/xvid_vbr.c	Sun Apr 06 19:08:01 2014 +0000
@@ -703,7 +703,9 @@
 	fscanf(state->pass1_file, "# keyframes : %d\n", &state->nb_keyframes);
 
 	/* Allocate memory space for the keyframe_location array */
-	if((state->keyframe_locations
+	if(state->nb_keyframes < 0 ||
+           state->nb_keyframes >= 0x7fffffff / sizeof(int) ||
+           (state->keyframe_locations
 	    = malloc((state->nb_keyframes+1)*sizeof(int))) == NULL) {
 		fclose(state->pass1_file);
 		state->pass1_file = NULL;