File sec-001.diff of Package xine-lib

diff -r a3ad06e2320f -r 30eb014e9b32 misc/cdda_server.c
--- a/misc/cdda_server.c	Tue Dec 09 22:02:13 2008 +0000
+++ b/misc/cdda_server.c	Thu Aug 21 00:18:00 2008 +0000
@@ -480,6 +480,12 @@
 
         sscanf(cmd,"%*s %d %d", &start_frame, &num_frames);
 
+        if (num_frames > INT_MAX / CD_RAW_FRAME_SIZE)
+        {
+          printf ("fatal error: integer overflow\n");
+          exit (1);
+        }
+
         n = num_frames * CD_RAW_FRAME_SIZE;
         buf = malloc( n );
         if( !buf )
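Review bot: The added guard on `num_frames` checks only the upper bound, so a negative value parsed by `%d` still reaches `n = num_frames * CD_RAW_FRAME_SIZE` and `malloc( n )`; the second hunk has the same gap for `blocks`. The condition should reject negatives as well: `if (num_frames < 0 || num_frames > INT_MAX / CD_RAW_FRAME_SIZE)`. The return value of `sscanf` is also unchecked, so when fewer than two numbers are parsed the tested variable may hold whatever it had before (its declaration and the rest of the enclosing block are outside the hunk); comparing the result with 2 before the range check would close that. `INT_MAX` comes from `<limits.h>`, and no include change for this file is visible in the diff.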
@@ -556,6 +562,11 @@
         char *buf;
 
         sscanf(cmd,"%*s %d %d", &blocks, &flags);
+        if (blocks > INT_MAX / DVD_BLOCK_SIZE)
+        {
+          printf ("fatal error: integer overflow\n");
+          exit (1);
+        }
 
         n = blocks * DVD_BLOCK_SIZE;
         buf = malloc( n );
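Review bot: The overflow branch ends the whole process with `exit (1)` because of a number parsed out of `cmd`, and the first hunk does the same. If `cmd` is a request received from a client and the process is meant to keep serving afterwards (neither is visible in these hunks), a single malformed request stops the service. Failing only that request through the handler's existing error path would be safer. The diagnostic would also be better on stderr: `fprintf (stderr, "fatal error: integer overflow\n");`.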
diff -r a3ad06e2320f -r 30eb014e9b32 src/combined/ffmpeg/ff_audio_decoder.c
--- a/src/combined/ffmpeg/ff_audio_decoder.c	Tue Dec 09 22:02:13 2008 +0000
+++ b/src/combined/ffmpeg/ff_audio_decoder.c	Thu Aug 21 00:18:00 2008 +0000
@@ -249,6 +249,8 @@
 
               if (extradata + data_len > this->size)
                 break; /* abort early - extradata length is bad */
+              if (extradata > INT_MAX - data_len)
+                break;/*integer overflow*/
 
 	      this->context->extradata_size = data_len;
 	      this->context->extradata      = malloc(this->context->extradata_size +
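Review bot: The new overflow test runs after `extradata + data_len > this->size`, so the addition it is meant to protect has already been evaluated by the time it is reached. If both operands are signed ints (their declarations are outside the hunk), that earlier addition is already undefined on overflow and the compiler may assume it cannot happen. Place the new test above the size comparison: `if (extradata > INT_MAX - data_len) break; /* integer overflow */`. If `data_len` can be negative, `INT_MAX - data_len` can overflow too, so a `data_len < 0` rejection belongs in the same place. The `malloc` statement that uses the length continues past the end of the hunk.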