[vlc-commits] demux: libasf: fix read overflow
Francois Cartegnie
git at videolan.org
Sun Dec 25 22:48:19 CET 2016
vlc | branch: master | Francois Cartegnie <fcvlcdev at free.fr> | Sun Dec 25 22:23:38 2016 +0100| [adefef571ef3f8848fd42334fe5391d9ffda72fe] | committer: Francois Cartegnie
demux: libasf: fix read overflow
on 32bits SIZE_T
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=adefef571ef3f8848fd42334fe5391d9ffda72fe
---
modules/demux/asf/libasf.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/modules/demux/asf/libasf.c b/modules/demux/asf/libasf.c
index 66e4ad5..a549fa5 100644
--- a/modules/demux/asf/libasf.c
+++ b/modules/demux/asf/libasf.c
@@ -359,7 +359,7 @@ static int ASF_ReadObject_metadata( stream_t *s, asf_object_t *p_obj )
{
asf_object_metadata_t *p_meta = &p_obj->metadata;
- int i_peek;
+ ssize_t i_peek;
uint32_t i;
const uint8_t *p_peek, *p_data;
@@ -396,7 +396,8 @@ static int ASF_ReadObject_metadata( stream_t *s, asf_object_t *p_obj )
p_record->i_type = ASF_READ2();
i_data = ASF_READ4();
- if( !ASF_HAVE( i_name + i_data ) )
+ if( UINT32_MAX - i_name < i_data ||
+ !ASF_HAVE( i_name + i_data ) )
break;
/* Read name */
More information about the vlc-commits
mailing list