extra checking on memory allocation sizes to prevent a class of overflow attacks

Josh Coalson
2007-09-11 04:49:56 +00:00
parent 0221d87c89
commit 0f008d2e9e
26 changed files with 234 additions and 115 deletions


@@ -83,6 +83,8 @@ char* FLAC_plugin__charset_convert_string (const char *string, char *from, char
/* Due to a GLIBC bug, round outbuf_size up to a multiple of 4 */
/* + 1 for nul in case len == 1 */
outsize = ((length + 3) & ~3) + 1;
if(outsize < length) /* overflow check */
return NULL;
out = (char*)malloc(outsize);
outleft = outsize - 1;
outptr = out;
@@ -95,6 +97,10 @@ retry:
{
case E2BIG:
used = outptr - out;
if((outsize - 1) * 2 + 1 <= outsize) { /* overflow check */
free(out);
return NULL;
}
outsize = (outsize - 1) * 2 + 1;
out = realloc(out, outsize);
outptr = out + used;
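Review bot: The `out = realloc(out, outsize);` line in the E2BIG branch still overwrites `out` with an unchecked result, so the added size check covers the wrap-around but not allocation failure. On failure the original buffer is leaked and `outptr = out + used` is computed from a null pointer, presumably just before the conversion is retried. Take the result in a temporary, then free `out` and return NULL when it is null, mirroring the cleanup in the added overflow branch. The `malloc(outsize)` in the first hunk also feeds `outptr` with no NULL test visible; that test may sit below the hunk, so confirm it exists. The function body and the declarations of `outsize` and `length` are outside both hunks, so the overflow comparisons are assumed to operate on an unsigned type such as `size_t`.

```c
/* … unchanged: used = outptr - out; and the overflow check … */
outsize = (outsize - 1) * 2 + 1;
tmp = realloc(out, outsize); /* tmp: a char * declared with the function's other locals */
if(tmp == NULL) {
	free(out); /* realloc leaves the old block valid on failure */
	return NULL;
}
out = tmp;
outptr = out + used;
```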