From ca402f32e392590a81a1381dab41c4f9c2c2f98a Mon Sep 17 00:00:00 2001
From: Max Horn <max@quendi.de>
Date: Tue, 12 Apr 2011 17:44:20 +0200
Subject: handle malloc failures in ff_get_wav_header

ff_get_wav_header is reading data from a WAVE file and then uses it
(without validation) to malloc a buffer. It then proceeded to read
data into the buffer, without verifying that the allocation succeeded.

To address this, change ff_get_wav_header to return an error if
allocation failed, and adapted all calling code to handle that error.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
---
 libavformat/wtv.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'libavformat/wtv.c')

diff --git a/libavformat/wtv.c b/libavformat/wtv.c
index 8260fe19b2..0a18c8e517 100644
--- a/libavformat/wtv.c
+++ b/libavformat/wtv.c
@@ -675,7 +675,9 @@ static AVStream * parse_media_type(AVFormatContext *s, AVStream *st, int sid,
         if (!st)
             return NULL;
         if (!ff_guidcmp(formattype, format_waveformatex)) {
-            ff_get_wav_header(pb, st->codec, size);
+            int ret = ff_get_wav_header(pb, st->codec, size);
+            if (ret < 0)
+                return NULL;
         } else {
             if (ff_guidcmp(formattype, format_none))
                 av_log(s, AV_LOG_WARNING, "unknown formattype:"PRI_GUID"\n", ARG_GUID(formattype));
-- 
cgit v1.2.3