vlc/vlc-1.2 | branch: master | Laurent Aimar <[email protected]> | Thu Jan 12 21:23:25 2012 +0100| [81a54d65d27ed6a5c1c944857982110932b0985e] | committer: Jean-Baptiste Kempf
Fixed a potential integer overflow in block_Alloc(). When the integer overflow happens, the block_t returned will be smaller than requested. It partially fixes #5841. (cherry picked from commit 64756cf2a5f704774c16f0842edc00044a062be0) Signed-off-by: Jean-Baptiste Kempf <[email protected]> > http://git.videolan.org/gitweb.cgi/vlc/vlc-1.2.git/?a=commit;h=81a54d65d27ed6a5c1c944857982110932b0985e --- src/misc/block.c | 6 +++++- 1 files changed, 5 insertions(+), 1 deletions(-) diff --git a/src/misc/block.c b/src/misc/block.c index 1d15e39..9cf832b 100644 --- a/src/misc/block.c +++ b/src/misc/block.c @@ -106,13 +106,14 @@ block_t *block_Alloc( size_t i_size ) */ block_sys_t *p_sys; uint8_t *buf; - #define ALIGN(x) (((x) + BLOCK_ALIGN - 1) & ~(BLOCK_ALIGN - 1)) #if 0 /*def HAVE_POSIX_MEMALIGN */ /* posix_memalign(,16,) is much slower than malloc() on glibc. * -- Courmisch, September 2009, glibc 2.5 & 2.9 */ const size_t i_alloc = ALIGN(sizeof(*p_sys)) + (2 * BLOCK_PADDING) + ALIGN(i_size); + if( unlikely(i_alloc <= i_size) ) + return NULL; void *ptr; if( posix_memalign( &ptr, BLOCK_ALIGN, i_alloc ) ) @@ -124,6 +125,9 @@ block_t *block_Alloc( size_t i_size ) #else const size_t i_alloc = sizeof(*p_sys) + BLOCK_ALIGN + (2 * BLOCK_PADDING) + ALIGN(i_size); + if( unlikely(i_alloc <= i_size) ) + return NULL; + p_sys = malloc( i_alloc ); if( p_sys == NULL ) return NULL; _______________________________________________ vlc-commits mailing list [email protected] http://mailman.videolan.org/listinfo/vlc-commits
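Review bot: The guard `if( unlikely(i_alloc <= i_size) )` added in this hunk, and again in the `#else` branch of the second hunk, has no comment explaining why that comparison detects overflow. i_alloc is i_size rounded up by ALIGN() plus a fixed positive overhead, so in size_t arithmetic it can only be less than or equal to i_size when the rounding or the sum has wrapped. I would put `/* i_alloc must exceed i_size; if it does not, the size_t arithmetic wrapped */` above each check. This copy sits under `#if 0`, so only the `#else` copy is compiled; block_Alloc starts before and ends after the hunk.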
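Review bot: The check before `p_sys = malloc( i_alloc );` only covers the padding and alignment arithmetic done inside block_Alloc. A caller that has already wrapped while summing sizes would pass a small, valid-looking i_size and get a block smaller than it intended. The commit message calls the fix partial and the callers are not visible here, so this is inferred rather than shown. It is worth stating the contract in the function's header comment, for example `/* Returns NULL if i_size cannot be padded and aligned without overflowing size_t; callers must validate their own size arithmetic first. */`. block_Alloc's body starts before and continues after the hunk.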
