[vlc-commits] Fixed a potential integer overflow in MemToBlock().

Laurent Aimar git at videolan.org
Thu Jan 12 23:02:56 CET 2012


vlc/vlc-1.2 | branch: master | Laurent Aimar <fenrir at videolan.org> | Thu Jan 12 21:31:13 2012 +0100| [964c85aa2acd4bd8a83bd238de17454e674ffdfa] | committer: Jean-Baptiste Kempf

Fixed a potential integer overflow in MemToBlock().

When the integer overflow happens, the block_t returned will be smaller
than requested.
It fixes the second half of #5841.
(cherry picked from commit 04c9c0e7e8f4687c9881c6ad10d9e31152249697)

Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>

> http://git.videolan.org/gitweb.cgi/vlc/vlc-1.2.git/?a=commit;h=964c85aa2acd4bd8a83bd238de17454e674ffdfa
---

 modules/demux/mkv/mkv.cpp |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/modules/demux/mkv/mkv.cpp b/modules/demux/mkv/mkv.cpp
index ebbcafa..67af69e 100644
--- a/modules/demux/mkv/mkv.cpp
+++ b/modules/demux/mkv/mkv.cpp
@@ -455,6 +455,9 @@ static void Seek( demux_t *p_demux, mtime_t i_date, double f_percent, virtual_ch
 /* Utility function for BlockDecode */
 static block_t *MemToBlock( uint8_t *p_mem, size_t i_mem, size_t offset)
 {
+    if( unlikely( i_mem > SIZE_MAX - offset ) )
+        return NULL;
+
     block_t *p_block = block_New( p_demux, i_mem + offset );
     if( likely(p_block != NULL) )
     {
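Review bot: The new early return at the top of MemToBlock() is silent and undocumented, so after this change a NULL result can mean either that `i_mem + offset` would wrap or that block_New() failed, and nothing in the code says which input condition the guard is for. A one-line comment above `if( unlikely( i_mem > SIZE_MAX - offset ) )` stating that it rejects sizes whose sum would overflow size_t would help, and the callers in BlockDecode should be confirmed to handle NULL on this path as they do for an allocation failure. The comparison itself is in the safe form, since `SIZE_MAX - offset` cannot wrap for any size_t offset. The patch adds no include, so it is also worth confirming that SIZE_MAX is already visible in mkv.cpp on every supported toolchain.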


