[vlc-commits] smf: fix potential overflow

Rémi Denis-Courmont git at videolan.org
Fri Jul 7 22:43:10 CEST 2017


vlc | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Fri Jul  7 23:34:37 2017 +0300| [8463872f9cdfdc0a64f55e6a29150e8ccb426d7f] | committer: Rémi Denis-Courmont

smf: fix potential overflow

Skipping more than SSIZE_MAX bytes is undefined. This could fail on
32-bits systems.

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=8463872f9cdfdc0a64f55e6a29150e8ccb426d7f
---

 modules/demux/smf.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/modules/demux/smf.c b/modules/demux/smf.c
index 009084f687..9839184a39 100644
--- a/modules/demux/smf.c
+++ b/modules/demux/smf.c
@@ -665,8 +665,11 @@ static int Open (vlc_object_t *obj)
             if (memcmp (head, "MTrk", 4) == 0)
                 break;
 
-            msg_Dbg (demux, "skipping unknown SMF chunk");
-            vlc_stream_Read (stream, NULL, GetDWBE (head + 4));
+            uint_fast32_t chunk_len = GetDWBE(head + 4);
+            msg_Dbg(demux, "skipping unknown SMF chunk (%"PRIuFAST32" bytes)",
+                    chunk_len);
+            if (vlc_stream_Seek(stream, vlc_stream_Tell(stream) + chunk_len))
+                goto error;
         }
 
         tr->start = vlc_stream_Tell (stream);



More information about the vlc-commits mailing list