Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
V
vlc-1.1
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Redmine
Redmine
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Metrics
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
videolan
vlc-1.1
Commits
456bdd9f
Commit
456bdd9f
authored
Feb 15, 2008
by
Rémi Denis-Courmont
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fix two more calloc-based denial of service in the MP4 demux.
parent
4d12ba40
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
4 additions
and
0 deletions
+4
-0
modules/demux/mp4/mp4.c
modules/demux/mp4/mp4.c
+4
-0
No files found.
modules/demux/mp4/mp4.c
View file @
456bdd9f
...
...
@@ -485,6 +485,8 @@ static int Open( vlc_object_t * p_this )
/* allocate memory */
p_sys
->
track
=
calloc
(
p_sys
->
i_tracks
,
sizeof
(
mp4_track_t
)
);
if
(
p_sys
->
track
==
NULL
)
goto
error
;
memset
(
p_sys
->
track
,
0
,
p_sys
->
i_tracks
*
sizeof
(
mp4_track_t
)
);
/* Search the first chap reference (like quicktime) */
...
...
@@ -1232,6 +1234,8 @@ static int TrackCreateSamplesIndex( demux_t *p_demux,
p_demux_track
->
i_sample_size
=
0
;
p_demux_track
->
p_sample_size
=
calloc
(
p_demux_track
->
i_sample_count
,
sizeof
(
uint32_t
)
);
if
(
p_demux_track
->
p_sample_size
==
NULL
)
return
VLC_ENOMEM
;
for
(
i_sample
=
0
;
i_sample
<
p_demux_track
->
i_sample_count
;
i_sample
++
)
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment