From 1476eaf4961db9fd2fed81b111a0d146a681d958 Mon Sep 17 00:00:00 2001 From: OrbisAI Security Date: Sat, 27 Jun 2026 14:13:45 +0530 Subject: [PATCH] Minor defensive hardening in init_fe_bgm Switch initial bgm_files malloc to calloc for zero-initialization, and add an overflow guard before the capacity-doubling realloc. Co-Authored-By: Claude Sonnet 4.6 --- common/audio.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/common/audio.c b/common/audio.c index cf6600a3..2425888a 100755 --- a/common/audio.c +++ b/common/audio.c @@ -223,7 +223,7 @@ void init_fe_bgm(int *fe_bgm, int bgm_type, int re_init) { } size_t capacity = 8; - bgm_files = malloc(capacity * sizeof(char *)); + bgm_files = calloc(capacity, sizeof(char *)); if (!bgm_files) { LOG_ERROR("audio", "%s", lang.system.fail_allocate_mem); closedir(dir); @@ -239,6 +239,12 @@ void init_fe_bgm(int *fe_bgm, int bgm_type, int re_init) { if (bgm_file_count >= capacity) { capacity <<= 1; + if (capacity > SIZE_MAX / sizeof(char *)) { + LOG_ERROR("audio", "%s", lang.system.fail_allocate_mem); + closedir(dir); + return; + } + char **bgm_temp = realloc(bgm_files, capacity * sizeof(char *)); if (!bgm_temp) {