Protected against NULL realloc from unbounded size (faad).

author Laurent Aimar <fenrir@videolan.org>

Tue, 29 Sep 2009 21:26:59 +0000 (23:26 +0200)

committer Laurent Aimar <fenrir@videolan.org>

Wed, 30 Sep 2009 18:43:55 +0000 (20:43 +0200)
author Laurent Aimar <fenrir@videolan.org>
Tue, 29 Sep 2009 21:26:59 +0000 (23:26 +0200)
committer Laurent Aimar <fenrir@videolan.org>
Wed, 30 Sep 2009 18:43:55 +0000 (20:43 +0200)
diff --git a/modules/codec/faad.c b/modules/codec/faad.c

index 84b77b9dde89eb0cc9fe6ff9cbcac1db6116d7bf..6dbd49938534c481d6266985c85a41bb4a9f6a92 100644 (file)
--- a/modules/codec/faad.c
+++ b/modules/codec/faad.c
@@ -232,8 +232,17 @@ static aout_buffer_t *DecodeBlock( decoder_t *p_dec, block_t **pp_block )
      /* Append the block to the temporary buffer */
      if( p_sys->i_buffer_size < p_sys->i_buffer + p_block->i_buffer )
      {
-        p_sys->i_buffer_size = p_sys->i_buffer + p_block->i_buffer;
-        p_sys->p_buffer = realloc( p_sys->p_buffer, p_sys->i_buffer_size );
+        size_t  i_buffer_size = p_sys->i_buffer + p_block->i_buffer;
+        uint8_t *p_buffer     = realloc( p_sys->p_buffer, i_buffer_size );
+        if( p_buffer )
+        {
+            p_sys->i_buffer_size = i_buffer_size;
+            p_sys->p_buffer      = p_buffer;
+        }
+        else
+        {
+            p_block->i_buffer = 0;
+        }
      }
  
      if( p_block->i_buffer > 0 )
author	Laurent Aimar <fenrir@videolan.org>
	Tue, 29 Sep 2009 21:26:59 +0000 (23:26 +0200)
committer	Laurent Aimar <fenrir@videolan.org>
	Wed, 30 Sep 2009 18:43:55 +0000 (20:43 +0200)