Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
V
vlc
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Redmine
Redmine
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Metrics
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
videolan
vlc
Commits
eb9963eb
Commit
eb9963eb
authored
Nov 17, 2008
by
Rémi Denis-Courmont
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Real: fix integer overflow
This is trivially exploitable to run code. Pointed-out-by: Tobias Klein
parent
56acdf5c
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
1 addition
and
4 deletions
+1
-4
modules/demux/real.c
modules/demux/real.c
+1
-4
No files found.
modules/demux/real.c
View file @
eb9963eb
...
@@ -928,13 +928,10 @@ static void ReadRealIndex( demux_t *p_demux )
...
@@ -928,13 +928,10 @@ static void ReadRealIndex( demux_t *p_demux )
msg_Dbg
(
p_demux
,
"Real Index: Does next index exist? %d "
,
msg_Dbg
(
p_demux
,
"Real Index: Does next index exist? %d "
,
GetDWBE
(
&
buffer
[
16
]
)
);
GetDWBE
(
&
buffer
[
16
]
)
);
p_sys
->
p_index
=
p_sys
->
p_index
=
calloc
(
i_index_count
+
1
,
sizeof
(
rm_index_t
)
);
(
rm_index_t
*
)
malloc
(
sizeof
(
rm_index_t
)
*
(
i_index_count
+
1
)
);
if
(
p_sys
->
p_index
==
NULL
)
if
(
p_sys
->
p_index
==
NULL
)
return
;
return
;
memset
(
p_sys
->
p_index
,
0
,
sizeof
(
rm_index_t
)
*
(
i_index_count
+
1
)
);
for
(
i
=
0
;
i
<
i_index_count
;
i
++
)
for
(
i
=
0
;
i
<
i_index_count
;
i
++
)
{
{
if
(
stream_Read
(
p_demux
->
s
,
buffer
,
14
)
<
14
)
if
(
stream_Read
(
p_demux
->
s
,
buffer
,
14
)
<
14
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment