ref: 79b9ff97f8c809f0bdd7e02ff8053aeb4e6b498b
parent: 5cc622b87a85467a804572f9b621b5a1d63ee3d8
author: Fabian Greffrath <fabian@greffrath.com>
date: Fri Apr 24 06:53:17 EDT 2020
stszin: add check for allocation error and integer overflow Fixes (the second part of) #49.
--- a/frontend/mp4read.c
+++ b/frontend/mp4read.c
@@ -343,10 +343,13 @@
u32in();
// Number of entries
mp4config.frame.ents = u32in();
- // fixme error checking
// fixme: check atom size
mp4config.frame.data = malloc(sizeof(*mp4config.frame.data)
* (mp4config.frame.ents + 1));
+
+ if (!mp4config.frame.data)
+ return ERR_FAIL;
+
ofs = 0;
mp4config.frame.data[0] = ofs;
for (cnt = 0; cnt < mp4config.frame.ents; cnt++)
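Review bot: The size expression passed to `malloc` can still wrap, and the new NULL check does not catch that. `mp4config.frame.ents` comes straight from `u32in()`, so if the field is 32 bits wide (its declaration is not in the hunk), a value of 0xFFFFFFFF makes `ents + 1` zero; on a 32-bit `size_t` the multiplication can wrap as well. `malloc` may then return a non-NULL but undersized buffer, and the `data[0] = ofs` store and the loop write past it. Reject the count before allocating, for example `if (mp4config.frame.ents >= UINT32_MAX / sizeof(*mp4config.frame.data)) return ERR_FAIL;`. The remaining `fixme: check atom size` points at the tighter bound: the entry count should not exceed what the atom's remaining bytes can hold.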
@@ -358,6 +361,9 @@
mp4config.frame.maxsize = fsize;
mp4config.frame.data[cnt + 1] = ofs;
+
+ if (ofs < mp4config.frame.data[cnt])
+ return ERR_FAIL;
}
return size;
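Review bot: The overflow `return ERR_FAIL` inside the loop leaves the sample table half-built. `mp4config.frame.data` stays allocated and `mp4config.frame.ents` still holds the full count, although only entries up to `cnt + 1` were written. Whether the caller frees the table and stops using it on ERR_FAIL is not visible here, so either confirm that or reset the state before returning: `free(mp4config.frame.data); mp4config.frame.data = NULL; mp4config.frame.ents = 0;`. A one-line comment on the check, such as `/* ofs wrapped around: summed sample sizes no longer fit */`, would also help, since the addition to `ofs` that it guards is presumably above the hunk.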