pjs/media/liboggplay/bug523816.patch

30 строки
972 B
Diff

diff --git a/media/liboggplay/src/liboggplay/oggplay_data.c b/media/liboggplay/src/liboggplay/oggplay_data.c
--- a/media/liboggplay/src/liboggplay/oggplay_data.c
+++ b/media/liboggplay/src/liboggplay/oggplay_data.c
@@ -353,22 +353,19 @@ oggplay_data_handle_audio_data (OggPlayD
OggPlayErrorCode
oggplay_data_handle_cmml_data(OggPlayDecode *decode,
unsigned char *data,
long size) {
OggPlayTextRecord * record = NULL;
size_t record_size = sizeof(OggPlayTextRecord);
- /* check that the size we want to allocate doesn't overflow */
- if ((size < 0) || (size+1 < 0)) {
- return E_OGGPLAY_TYPE_OVERFLOW;
- }
- size += 1;
-
+ /* Include extra byte for null terminating record data buffer */
+ record_size += 1;
+
if
(
oggplay_check_add_overflow (record_size, size, &record_size)
==
E_OGGPLAY_TYPE_OVERFLOW
)
{
return E_OGGPLAY_TYPE_OVERFLOW;