Real: fix integer overflow

This is trivially exploitable to run code. Pointed-out-by: Tobias Klein (cherry picked from commit eb9963eb)

Real: fix integer overflow
This is trivially exploitable to run code. Pointed-out-by: Tobias Klein (cherry picked from commit eb9963eb)
d19de4e9 · Rémi Denis-Courmont · 9d01dfdc · d19de4e9
Commit d19de4e9 authored Nov 17, 2008 by Rémi Denis-Courmont
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 4 deletions

modules/demux/real.c modules/demux/real.c +1 -4

No files found.
--- a/modules/demux/real.c
+++ b/modules/demux/real.c
@@ -932,16 +932,13 @@ static void ReadRealIndex( demux_t *p_demux )
        msg_Dbg( p_demux, "Real Index: Does next index exist? %d ",
                        GetDWBE( &buffer[16] )  );

-    p_sys->p_index = 
-            (rm_index_t *)malloc( sizeof( rm_index_t ) * (i_index_count+1) );
+    p_sys->p_index = calloc( i_index_count + 1, sizeof( rm_index_t ) );
    if( p_sys->p_index == NULL )
    {
        msg_Err( p_demux, "Memory allocation error" ); 
        return;
    }

-    memset( p_sys->p_index, 0, sizeof(rm_index_t) * (i_index_count+1) );
-
    for( i=0; i<i_index_count; i++ )
    {
        if( stream_Read( p_demux->s, buffer, 14 ) < 14 )