codec: schroedinger: fix potential buffer overflow.
The variable len is a raw 32 bit value read using GetDWBE. If this value is larger than UINT32_MAX - sizeof(eos), this will cause an integer overflow in the subsequent call to malloc, and finally a buffer overflow when calling memcpy. We fix this by checking len accordingly.

Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org>
(cherry picked from commit 9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5)
Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org>
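
The wrap-around and the length check described in the commit message, as an added example that is not the code from this commit. The `eos` contents, `read_be32` (standing in for GetDWBE), `unchecked_alloc_size` and `copy_with_eos` are hypothetical, and the bound against the input size is an extra assumption beyond what the message states.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the trailer the commit calls `eos`. */
static const uint8_t eos[13] = { 'E', 'O', 'S' };

/* Hypothetical helper standing in for GetDWBE: raw big-endian 32-bit read. */
static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Size an unchecked 32-bit `len + sizeof(eos)` would pass to malloc. */
uint32_t unchecked_alloc_size(uint32_t len)
{
    return len + (uint32_t)sizeof(eos); /* wraps modulo 2^32 */
}

/* Hardened copy: payload followed by eos. Returns NULL if len is rejected. */
uint8_t *copy_with_eos(const uint8_t *buf, size_t buf_size, size_t *out_size)
{
    if (buf_size < 4)
        return NULL;
    uint32_t len = read_be32(buf);
    if (len > UINT32_MAX - sizeof(eos)) /* the check the commit describes */
        return NULL;
    if (len > buf_size - 4)             /* assumption: also bound by input */
        return NULL;
    uint8_t *out = malloc((size_t)len + sizeof(eos));
    if (out == NULL)
        return NULL;
    memcpy(out, buf + 4, len);
    memcpy(out + len, eos, sizeof(eos));
    *out_size = (size_t)len + sizeof(eos);
    return out;
}

int main(void)
{
    /* Constructed input: length field 0xFFFFFFFB, 4 payload bytes. */
    const uint8_t bad[8] = { 0xFF, 0xFF, 0xFF, 0xFB, 'a', 'b', 'c', 'd' };
    size_t n = 0;
    printf("unchecked malloc size: %u\n", (unsigned)unchecked_alloc_size(read_be32(bad)));
    printf("hardened result: %s\n", copy_with_eos(bad, sizeof(bad), &n) ? "copied" : "rejected");
    return 0;
}
```

With the constructed length field, the unchecked sum requests 8 bytes while the later memcpy would still use the full `len`, which is the mismatch the commit message describes.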