blob: c6bd017c2f8f4c5672ecbc8c7d1b292692a4c95a (
about) (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
--- libwmf-0.2.8.4/src/player.c
+++ libwmf-0.2.8.4/src/player.c
@@ -139,8 +139,31 @@
WMF_DEBUG (API,"bailing...");
return (API->err);
}
-
- P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char));
+
+ U32 nMaxRecordSize = (MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char);
+ if (nMaxRecordSize)
+ {
+ //before allocating memory do a sanity check on size by seeking
+ //to claimed end to see if its possible. We're constrained here
+ //by the api and existing implementations to not simply seeking
+ //to SEEK_END. So use what we have to skip to the last byte and
+ //try and read it.
+ const long nPos = WMF_TELL (API);
+ WMF_SEEK (API, nPos + nMaxRecordSize - 1);
+ if (ERR (API))
+ { WMF_DEBUG (API,"bailing...");
+ return (API->err);
+ }
+ int byte = WMF_READ (API);
+ if (byte == (-1))
+ { WMF_ERROR (API,"Unexpected EOF!");
+ API->err = wmf_E_EOF;
+ return (API->err);
+ }
+ WMF_SEEK (API, nPos);
+ }
+
+ P->Parameters = (unsigned char*) wmf_malloc (API, nMaxRecordSize);
if (ERR (API))
{ WMF_DEBUG (API,"bailing...");
|
