wav: fix integer overflow (CVE-2008-2430)
When i_size is sufficiently large, we would overflow malloc(), and then overwrite the heap with stream_Read(). Bug reported by: Alin Rad Pop, Secunia Research. (cherry-picked from commit 95e2f0ff579a5b987cbde9454aa1fc86080528e2)
Showing
Please register or sign in to comment