[MPlayer-cvslog] r37140 - trunk/xvid_vbr.c

Sun Apr 6 21:08:01 CEST 2014

Author: reimar
Date: Sun Apr  6 21:08:01 2014
New Revision: 37140

Log:
xvid_vbr: Sanity-check parsed variable before using it to malloc.

Modified:
   trunk/xvid_vbr.c

Modified: trunk/xvid_vbr.c
==============================================================================

--- trunk/xvid_vbr.c	Sun Apr  6 20:53:46 2014	(r37139)
+++ trunk/xvid_vbr.c	Sun Apr  6 21:08:01 2014	(r37140)
@@ -703,7 +703,9 @@ static int vbr_init_2pass2(void *sstate)
 	fscanf(state->pass1_file, "# keyframes : %d\n", &state->nb_keyframes);
 
 	/* Allocate memory space for the keyframe_location array */
-	if((state->keyframe_locations
+	if(state->nb_keyframes < 0 ||
+           state->nb_keyframes >= 0x7fffffff / sizeof(int) ||
+           (state->keyframe_locations
 	    = malloc((state->nb_keyframes+1)*sizeof(int))) == NULL) {
 		fclose(state->pass1_file);
 		state->pass1_file = NULL;
