wav: fix integer overflow (CVE-2008-2430)

[vlc] / modules / access_output / udp.c

diff --git a/modules/access_output/udp.c b/modules/access_output/udp.c
index 20520fcd4dbdb06bf72e0c5e230424dff675bd08..a470289558c7a15b6bece583e799f6cd622cee50 100644 (file)
--- a/modules/access_output/udp.c
+++ b/modules/access_output/udp.c
@@ -116,7 +116,6 @@ static int  Seek    ( sout_access_out_t *, off_t  );
 
 static void ThreadWrite( vlc_object_t * );
 static block_t *NewUDPPacket( sout_access_out_t *, mtime_t );
-static const char *MakeRandMulticast (int family, char *buf, size_t buflen);
 
 typedef struct sout_access_thread_t
 {
@@ -174,14 +173,16 @@ static int Open( vlc_object_t *p_this )
     }
 
     if( !( p_sys = calloc ( 1, sizeof( sout_access_out_sys_t ) ) ) )
-    {
-        msg_Err( p_access, "not enough memory" );
         return VLC_ENOMEM;
-    }
     p_access->p_sys = p_sys;
 
     i_dst_port = DEFAULT_PORT;
     char *psz_parser = psz_dst_addr = strdup( p_access->psz_path );
+    if( !psz_dst_addr )
+    {
+        free( p_sys );
+        return VLC_ENOMEM;
+    }
 
     if (psz_parser[0] == '[')
         psz_parser = strchr (psz_parser, ']');
@@ -197,7 +198,6 @@ static int Open( vlc_object_t *p_this )
         vlc_object_create( p_access, sizeof( sout_access_thread_t ) );
     if( !p_sys->p_thread )
     {
-        msg_Err( p_access, "out of memory" );
         free (p_sys);
         free (psz_dst_addr);
         return VLC_ENOMEM;