aboutsummaryrefslogtreecommitdiffstats
path: root/src/condition.c
diff options
context:
space:
mode:
authorMax Kellermann <max@duempel.org>2008-09-17 22:30:34 +0200
committerMax Kellermann <max@duempel.org>2008-09-17 22:30:34 +0200
commit913028a780707543a2eca0dcca61a0e8eb6b6167 (patch)
treee0de88d644b468aed30a039e86617c12afd7d4a1 /src/condition.c
parentef0e2fdc1b4d080d7cdf912660eaae8ec9103120 (diff)
downloadmpd-913028a780707543a2eca0dcca61a0e8eb6b6167.tar.gz
mpd-913028a780707543a2eca0dcca61a0e8eb6b6167.tar.xz
mpd-913028a780707543a2eca0dcca61a0e8eb6b6167.zip
mp3: fix buffer overflow when max_frames is too large
The function decodeFirstFrame() allocates memory based on data from the mp3 header. This can make the buffer size allocation overflow, or lead to a DoS attack with a very large buffer. Cap this buffer at 8 million frames, which should really be enough for reasonable files.
Diffstat (limited to 'src/condition.c')
0 files changed, 0 insertions, 0 deletions