vlc | branch: master | Rémi Denis-Courmont <[email protected]> | Tue Jul 16 22:49:20 2019 +0300| [ed7707caffbde23921dedc545694f5d56dd8b877] | committer: Rémi Denis-Courmont
memstream: handle overflow > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=ed7707caffbde23921dedc545694f5d56dd8b877 --- src/text/memstream.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/text/memstream.c b/src/text/memstream.c index 292b3d602f..5b7e3ac4d0 100644 --- a/src/text/memstream.c +++ b/src/text/memstream.c @@ -165,15 +165,18 @@ int vlc_memstream_vprintf(struct vlc_memstream *ms, const char *fmt, va_list ap; char *ptr; int len; + size_t newlen; va_copy(ap, args); len = vsnprintf(NULL, 0, fmt, ap); va_end(ap); - if (len < 0) + if (len < 0 + || unlikely(add_overflow(ms->length, len, &newlen)) + || unlikely(add_overflow(newlen, 1, &newlen))) goto error; - ptr = realloc(ms->ptr, ms->length + len + 1); + ptr = realloc(ms->ptr, newlen); if (ptr == NULL) goto error; _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
