diff options
author | Max Kellermann <max@duempel.org> | 2008-09-17 22:30:34 +0200 |
---|---|---|
committer | Eric Wong <normalperson@yhbt.net> | 2008-09-17 14:23:40 -0700 |
commit | ebaee174fc6cdc15a94654239de97ee55f7de5b2 (patch) | |
tree | 5fcd3095c58c6fadfe3a69cc0e8642c12d316a17 /m4 | |
parent | f851baf8c6e7cfc8d8b2bf904d8c090e70618190 (diff) | |
download | mpd-ebaee174fc6cdc15a94654239de97ee55f7de5b2.tar.gz mpd-ebaee174fc6cdc15a94654239de97ee55f7de5b2.tar.xz mpd-ebaee174fc6cdc15a94654239de97ee55f7de5b2.zip |
mp3: fix buffer overflow when max_frames is too large
The function decodeFirstFrame() allocates memory based on data from
the mp3 header. This can make the buffer size allocation overflow, or
lead to a DoS attack with a very large buffer. Cap this buffer at 8
million frames, which should really be enough for reasonable files.
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions