[vlc-commits] Fixed a potential integer overflow in MemToBlock().
Laurent Aimar
git at videolan.org
Thu Jan 12 23:02:56 CET 2012
vlc/vlc-1.2 | branch: master | Laurent Aimar <fenrir at videolan.org> | Thu Jan 12 21:31:13 2012 +0100| [964c85aa2acd4bd8a83bd238de17454e674ffdfa] | committer: Jean-Baptiste Kempf
Fixed a potential integer overflow in MemToBlock().
When the integer overflow happens, the block_t returned will be smaller
than requested.
It fixes the second half of #5841.
(cherry picked from commit 04c9c0e7e8f4687c9881c6ad10d9e31152249697)
Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>
> http://git.videolan.org/gitweb.cgi/vlc/vlc-1.2.git/?a=commit;h=964c85aa2acd4bd8a83bd238de17454e674ffdfa
---
modules/demux/mkv/mkv.cpp | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/modules/demux/mkv/mkv.cpp b/modules/demux/mkv/mkv.cpp
index ebbcafa..67af69e 100644
--- a/modules/demux/mkv/mkv.cpp
+++ b/modules/demux/mkv/mkv.cpp
@@ -455,6 +455,9 @@ static void Seek( demux_t *p_demux, mtime_t i_date, double f_percent, virtual_ch
/* Utility function for BlockDecode */
static block_t *MemToBlock( uint8_t *p_mem, size_t i_mem, size_t offset)
{
+ if( unlikely( i_mem > SIZE_MAX - offset ) )
+ return NULL;
+
block_t *p_block = block_New( p_demux, i_mem + offset );
if( likely(p_block != NULL) )
{
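Review bot: the guard `i_mem > SIZE_MAX - offset` at the top of MemToBlock() only rejects sums that wrap in `i_mem + offset` itself, so a sum just below SIZE_MAX still reaches block_New(). If the allocator adds any header or padding to the requested size, that addition needs its own overflow check; the allocator is not visible in this hunk, so please confirm it is covered there. Two smaller points: the hunk adds no include for SIZE_MAX, and in a C++ file older toolchains expose the <stdint.h> limit macros only when __STDC_LIMIT_MACROS is defined before the include, so check that this builds on every supported compiler. A one-line comment above the check saying that it prevents a block smaller than requested would also help future readers.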