Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
codec: schroedinger: fix potential buffer overflow.
The variable len is a raw 32 bit value read using GetDWBE. If this value is larger than UINT32_MAX - sizeof(eos), this will cause an integer overflow in the subsequent call to malloc, and finally a buffer overflow when calling memcpy. We fix this by checking len accordingly. Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org>
- Loading branch information