Commit d12f4d30 authored by Timothy B. Terriberry's avatar Timothy B. Terriberry

Better overflow check for serialno allocation.

parent cfe03293
......@@ -237,7 +237,9 @@ static int op_add_serialno(const ogg_page *_og,
nserialnos=*_nserialnos;
cserialnos=*_cserialnos;
if(OP_UNLIKELY(nserialnos>=cserialnos)){
if(OP_UNLIKELY(cserialnos>INT_MAX-1>>1))return OP_EFAULT;
if(OP_UNLIKELY(cserialnos>INT_MAX/(int)sizeof(*serialnos)-1>>1)){
return OP_EFAULT;
}
cserialnos=2*cserialnos+1;
OP_ASSERT(nserialnos<cserialnos);
serialnos=(ogg_uint32_t *)_ogg_realloc(serialnos,
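Review bot: The bound in the added check, `INT_MAX/(int)sizeof(*serialnos)-1>>1`, is only correct because `>>` binds more loosely than `/` and `-`, which is easy to misread in a guard that protects an allocation size. Writing it as `if(OP_UNLIKELY(cserialnos>(INT_MAX/(int)sizeof(*serialnos)-1)>>1)){` keeps the same value and makes the grouping explicit; compilers with parentheses warnings enabled typically flag the unparenthesized form. A one-line comment above it, such as `/*Keep (2*cserialnos+1)*sizeof(*serialnos) representable in an int.*/`, would record the invariant the check enforces and why the element size now appears in the bound. The function starts before this hunk and the `_ogg_realloc` call is cut off at its end, so how the returned pointer is checked cannot be seen here.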
......