$NetBSD: patch-ae,v 1.3 2007/09/21 12:00:11 abs Exp $

--- src/player.c.orig	Tue Dec 10 19:30:26 2002
+++ src/player.c
@@ -43,6 +43,16 @@
 #include "player/record.h"   /* Provides: parameter mechanism            */
 #include "player/meta.h"     /* Provides: record interpreters            */
 
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#ifndef UINT32_MAX
+#include <limits.h>
+#endif
+#ifndef UINT32_MAX
+#define UINT32_MAX	UINT_MAX
+#endif
+
 /**
  * @internal
  */
@@ -132,8 +142,14 @@ wmf_error_t wmf_scan (wmfAPI* API,unsign
 		}
 	}
 
-/*	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char));
- */	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char));
+	if (MAX_REC_SIZE(API) > UINT32_MAX/ 2)
+	{
+		API->err = wmf_E_InsMem;
+		WMF_DEBUG (API,"bailing...");
+		return (API->err);
+	}
+	
+ 	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char));
 
 	if (ERR (API))
 	{	WMF_DEBUG (API,"bailing...");