libbluray | branch: master | hpi1 <[email protected]> | Mon Feb 20 10:49:37 2017 +0200| [9188e5e6149b0c25d6ad85fb461b55378c65ee42] | committer: hpi1
Fix integer overflow > http://git.videolan.org/gitweb.cgi/libbluray.git/?a=commit;h=9188e5e6149b0c25d6ad85fb461b55378c65ee42 --- src/libbluray/bdnav/clpi_parse.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/libbluray/bdnav/clpi_parse.c b/src/libbluray/bdnav/clpi_parse.c index ff9082a..cb19194 100644 --- a/src/libbluray/bdnav/clpi_parse.c +++ b/src/libbluray/bdnav/clpi_parse.c @@ -635,8 +635,12 @@ _parse_extent_start_points(BITSTREAM *bits, CLPI_EXTENT_START *es) bs_skip(bits, 32); // length es->num_point = bs_read(bits, 32); - es->point = malloc(es->num_point * sizeof(uint32_t)); - + es->point = calloc(es->num_point, sizeof(uint32_t)); + if (es->num_point && !es->point) { + es->num_point = 0; + BD_DEBUG(DBG_CRIT, "out of memory\n"); + return 0; + } for (ii = 0; ii < es->num_point; ii++) { es->point[ii] = bs_read(bits, 32); } _______________________________________________ libbluray-devel mailing list [email protected] https://mailman.videolan.org/listinfo/libbluray-devel
