ape: added protection against large memory allocations

The function tag_ape_load() retrieves a 32 bit unsigned integer from
the input file, and passes it to g_malloc().  This is dangerous, and
may be used for a denial of service attack on MPD.
This commit is contained in:
Max Kellermann
2009-07-19 17:38:46 +02:00
parent e3ff0ab6d1
commit 0ce727d5d4
2 changed files with 4 additions and 0 deletions
+1
View File
@@ -1,6 +1,7 @@
ver 0.15.2 (2009/??/??)
* tags:
- ape: check the tag size (fixes integer underflow)
- ape: added protection against large memory allocations
ver 0.15.1 (2009/07/15)