extra checking on memory allocation sizes to prevent a class of overflow attacks

2025-12-16 18:54:26 +00:00 · 2007-09-11 04:49:56 +00:00
parent 0221d87c89
commit 0f008d2e9e
26 changed files with 234 additions and 115 deletions
--- a/src/plugin_winamp2/in_flac.c
+++ b/src/plugin_winamp2/in_flac.c
@@ -24,6 +24,7 @@
 #include <limits.h> /* for INT_MAX */
 #include <stdio.h>

+#include "share/alloc.h"
 #include "winamp2/in2.h"
 #include "configure.h"
 #include "infobox.h"
@@ -279,7 +280,7 @@ static T_CHAR *get_tag(const T_CHAR *tag, void *param)
 	if (!tag)
 		return 0;
 	/* Vorbis comment names must be ASCII, so convert 'tag' first */
-	tagname = malloc(wcslen(tag)+1);
+	tagname = safe_malloc_add_2op_(wcslen(tag), /*+*/1);
 	for(p=tagname;*tag;) {
 		if(*tag > 0x7d) {
 			free(tagname);