Commit 7eadb126 authored by Laurent Aimar's avatar Laurent Aimar

Protected against NULL realloc from unbounded size (faad).

parent 6cc2e234
......@@ -232,8 +232,17 @@ static aout_buffer_t *DecodeBlock( decoder_t *p_dec, block_t **pp_block )
/* Append the block to the temporary buffer */
if( p_sys->i_buffer_size < p_sys->i_buffer + p_block->i_buffer )
{
p_sys->i_buffer_size = p_sys->i_buffer + p_block->i_buffer;
p_sys->p_buffer = realloc( p_sys->p_buffer, p_sys->i_buffer_size );
size_t i_buffer_size = p_sys->i_buffer + p_block->i_buffer;
uint8_t *p_buffer = realloc( p_sys->p_buffer, i_buffer_size );
if( p_buffer )
{
p_sys->i_buffer_size = i_buffer_size;
p_sys->p_buffer = p_buffer;
}
else
{
p_block->i_buffer = 0;
}
}
if( p_block->i_buffer > 0 )
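Review bot: The sum `p_sys->i_buffer + p_block->i_buffer` is still computed without an overflow check, both in the size test at the top of the hunk and in the new `i_buffer_size` initialiser. The field types are not visible here, but if the addition can wrap, or is evaluated in a narrower or signed type before conversion to `size_t`, realloc() can succeed with a size smaller than the data about to be appended, and the added NULL check does not catch that case. I would reject such a block before the comparison, for example `if( p_block->i_buffer > SIZE_MAX - p_sys->i_buffer ) p_block->i_buffer = 0;`, and log on both drop paths so that discarded input is visible rather than silent. DecodeBlock starts and ends outside this hunk, so the copy that consumes the buffer is assumed to follow the `if( p_block->i_buffer > 0 )` line.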
......