[vlc-commits] demux/nsv: invalid NSVf header size leads to infinite loop (fixes #17563)
Filip Roséen
git at videolan.org
Tue Nov 1 22:25:55 CET 2016
vlc/vlc-2.2 | branch: master | Filip Roséen <filip at atch.se> | Sun Oct 30 23:27:36 2016 +0100| [a88132b34ebb1e09cfe7355125270012e7a85f8d] | committer: Rémi Denis-Courmont
demux/nsv: invalid NSVf header size leads to infinite loop (fixes #17563)
According to the specification of nsv, a file header size of 0 (and
0xFFFFFFFF) is invalid; these changes prevents an infinite loop if the
size is specified as the former, while also making sure that we do not
try to parse files containing the latter.
- http://multimedia.cx/nsv-format.txt
Signed-off-by: Rémi Denis-Courmont <remi at remlab.net>
(cherry picked from commit 87cf24c252569d13335cee006ae59c1fe0718705)
Conflicts:
modules/demux/nsv.c
> http://git.videolan.org/gitweb.cgi/vlc/vlc-2.2.git/?a=commit;h=a88132b34ebb1e09cfe7355125270012e7a85f8d
---
modules/demux/nsv.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/modules/demux/nsv.c b/modules/demux/nsv.c
index 049b068..140f14e 100644
--- a/modules/demux/nsv.c
+++ b/modules/demux/nsv.c
@@ -445,7 +445,6 @@ static int ReadNSVf( demux_t *p_demux )
{
/* demux_sys_t *p_sys = p_demux->p_sys; */
const uint8_t *p;
- int i_size;
msg_Dbg( p_demux, "new NSVf chunk" );
if( stream_Peek( p_demux->s, &p, 8 ) < 8 )
@@ -453,10 +452,14 @@ static int ReadNSVf( demux_t *p_demux )
return VLC_EGENERIC;
}
- i_size = GetDWLE( &p[4] );
- msg_Dbg( p_demux, " - size=%d", i_size );
+ uint32_t i_header_size = GetDWLE( &p[4] );
+ msg_Dbg( p_demux, " - size=%" PRIu32, i_header_size );
+
+ if( i_header_size == 0 || i_header_size == UINT32_MAX )
+ return VLC_EGENERIC;
+
- return stream_Read( p_demux->s, NULL, i_size ) == i_size ? VLC_SUCCESS : VLC_EGENERIC;
+ return stream_Read( p_demux->s, NULL, i_header_size ) == i_header_size ? VLC_SUCCESS : VLC_EGENERIC;
}
/*****************************************************************************
* ReadNSVs:
More information about the vlc-commits
mailing list