diff options
| author | Darren Salt <linux@youmustbejoking.demon.co.uk> | 2009-01-05 23:40:10 +0000 |
|---|---|---|
| committer | Darren Salt <linux@youmustbejoking.demon.co.uk> | 2009-01-05 23:40:10 +0000 |
| commit | 85f173cd5b12d5a53a94a2616c498cdae68fec2a (patch) | |
| tree | 655dbc4dcb7e2950bde6492c66e2572d53873c6e /misc/cdda_server.c | |
| parent | 92d532f070f578c4f7f0df3daadf05497be1ed10 (diff) | |
| parent | 5347abe5764b0a0ff3ef1d357ce9934a425758fa (diff) | |
| download | xine-lib-85f173cd5b12d5a53a94a2616c498cdae68fec2a.tar.gz xine-lib-85f173cd5b12d5a53a94a2616c498cdae68fec2a.tar.bz2 | |
Merge security fixes from 1.1.
--HG--
rename : src/demuxers/demux_nsf.c => src/combined/nsf_demuxer.c
rename : src/demuxers/demux_ogg.c => src/combined/xine_ogg_demuxer.c
rename : src/libsputext/demux_sputext.c => src/spu_dec/sputext_demuxer.c
Diffstat (limited to 'misc/cdda_server.c')
| -rw-r--r-- | misc/cdda_server.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/misc/cdda_server.c b/misc/cdda_server.c index 553ec0a8a..0e2817db3 100644 --- a/misc/cdda_server.c +++ b/misc/cdda_server.c @@ -480,6 +480,12 @@ static int process_commands( int socket ) sscanf(cmd,"%*s %d %d", &start_frame, &num_frames); + if (num_frames > INT_MAX / CD_RAW_FRAME_SIZE) + { + printf ("fatal error: integer overflow\n"); + exit (1); + } + n = num_frames * CD_RAW_FRAME_SIZE; buf = malloc( n ); if( !buf ) @@ -556,6 +562,11 @@ static int process_commands( int socket ) char *buf; sscanf(cmd,"%*s %d %d", &blocks, &flags); + if (blocks > INT_MAX / DVD_BLOCK_SIZE) + { + printf ("fatal error: integer overflow\n"); + exit (1); + } n = blocks * DVD_BLOCK_SIZE; buf = malloc( n ); |