From 0b31b8477e307651513874fcb20c85165c0f129e Mon Sep 17 00:00:00 2001
From: Andre Noll <maan@systemlinux.org>
Date: Sun, 30 Nov 2008 15:23:46 +0100
Subject: [PATCH 1/1] oggdec_parse_config(): Add some sanity checks.

---
 oggdec.c | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/oggdec.c b/oggdec.c
index 6b96c505..e22ea1e4 100644
--- a/oggdec.c
+++ b/oggdec.c
@@ -165,10 +165,24 @@ static ssize_t ogg_convert(char *inbuffer, size_t len, struct filter_node *fn)
 
 static void *oggdec_parse_config(int argc, char **argv)
 {
-	struct oggdec_filter_args_info *ret = para_calloc(sizeof(struct oggdec_filter_args_info));
-	if (!oggdec_cmdline_parser(argc, argv, ret))
-		return ret;
-	free(ret);
+	int ret;
+	struct oggdec_filter_args_info *ogg_conf;
+
+	ogg_conf = para_calloc(sizeof(*ogg_conf));
+	ret = oggdec_cmdline_parser(argc, argv, ogg_conf);
+	if (ret)
+		goto err;
+	if (ogg_conf->bufsize_arg < 0)
+		goto err;
+	if (ogg_conf->bufsize_arg >= INT_MAX / 1024)
+		goto err;
+	if (ogg_conf->initial_buffer_arg < 0)
+		goto err;
+	if (ogg_conf->initial_buffer_arg >= INT_MAX / 1024)
+		goto err;
+	return ogg_conf;
+err:
+	free(ogg_conf);
 	return NULL;
 }
 
-- 
2.39.2