Check some unsanitized network inputs before allocating memory using them.
[dcpomatic.git] / src / tools / dcpomatic_player.cc
index 88b0f839df0e540069bedfc00b9dc9f5d1797f6c..5dd0a0afe9f7b967bed8907a1d5cc280d6b38f72 100644 (file)
@@ -1140,7 +1140,10 @@ public:
        void handle (shared_ptr<Socket> socket) override
        {
                try {
-                       int const length = socket->read_uint32 ();
+                       uint32_t const length = socket->read_uint32 ();
+                       if (length > 65536) {
+                               return;
+                       }
                        scoped_array<char> buffer (new char[length]);
                        socket->read (reinterpret_cast<uint8_t*> (buffer.get()), length);
                        string s (buffer.get());
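Review bot: `string s (buffer.get());` on the last line of the hunk still treats the received bytes as a NUL-terminated C string, so a peer that sends `length` bytes containing no zero byte (or a length of 0) makes the constructor read past the end of the allocation; the new size cap does not prevent that. Construct the string with an explicit length, `string s (buffer.get(), length);`, or allocate `length + 1` bytes and terminate the buffer before use. The early `return` for an oversized length is also silent, and a log line there would help when diagnosing a misbehaving client. The body of handle() continues outside the hunk, so the catch clause and the later use of `s` are not visible here.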