[MPlayer-cvslog] r26299 - trunk/stream/realrtsp/sdpplin.c
reimar
subversion at mplayerhq.hu
Sat Mar 29 12:35:29 CET 2008
Author: reimar
Date: Sat Mar 29 12:35:29 2008
New Revision: 26299
Log:
Fix possible integer overflow in malloc by using calloc instead.
Should fix CVE-2008-0073 as far as MPlayer is affected by this problem.
Modified:
trunk/stream/realrtsp/sdpplin.c
Modified: trunk/stream/realrtsp/sdpplin.c
==============================================================================
--- trunk/stream/realrtsp/sdpplin.c (original)
+++ trunk/stream/realrtsp/sdpplin.c Sat Mar 29 12:35:29 2008
@@ -330,7 +330,8 @@ sdpplin_t *sdpplin_parse(char *data) {
if(filter(data,"a=StreamCount:integer;",&buf)) {
desc->stream_count=(unsigned int)atoi(buf);
- desc->stream=malloc(sizeof(sdpplin_stream_t*)*desc->stream_count);
+ desc->stream=calloc(desc->stream_count, sizeof(sdpplin_stream_t*));
+ if (!desc->stream) desc->stream_count = 0;
handled=1;
data=nl(data);
}
More information about the MPlayer-cvslog
mailing list