[vlc-commits] ogg: Fix potential integer overflow
Hugo Beauzée-Luyssen
git at videolan.org
Wed Aug 14 18:13:19 CEST 2019
vlc | branch: master | Hugo Beauzée-Luyssen <hugo at beauzee.fr> | Fri Jul 26 13:32:38 2019 +0200| [c455d11a96e473ea3038b7f469f15a71cd9338e3] | committer: Hugo Beauzée-Luyssen
ogg: Fix potential integer overflow
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=c455d11a96e473ea3038b7f469f15a71cd9338e3
---
modules/demux/ogg.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/modules/demux/ogg.c b/modules/demux/ogg.c
index 649e154a7e..397906034a 100644
--- a/modules/demux/ogg.c
+++ b/modules/demux/ogg.c
@@ -2654,7 +2654,8 @@ static bool Ogg_ReadDaalaHeader( logical_stream_t *p_stream,
oggpack_buffer opb;
uint32_t i_timebase_numerator;
uint32_t i_timebase_denominator;
- int i_keyframe_frequency_force;
+ int keyframe_granule_shift;
+ unsigned int i_keyframe_frequency_force;
uint8_t i_major;
uint8_t i_minor;
uint8_t i_subminor;
@@ -2688,7 +2689,9 @@ static bool Ogg_ReadDaalaHeader( logical_stream_t *p_stream,
oggpack_adv( &opb, 32 ); /* frame duration */
- i_keyframe_frequency_force = 1 << oggpack_read( &opb, 8 );
+ keyframe_granule_shift = oggpack_read( &opb, 8 );
+ keyframe_granule_shift = __MIN(keyframe_granule_shift, 31);
+ i_keyframe_frequency_force = 1u << keyframe_granule_shift;
/* granule_shift = i_log( frequency_force -1 ) */
p_stream->i_granule_shift = 0;
More information about the vlc-commits
mailing list