[vlc-commits] ogg: Fix potential integer overflow
Hugo Beauzée-Luyssen
git at videolan.org
Wed Aug 14 18:24:16 CEST 2019
vlc/vlc-3.0 | branch: master | Hugo Beauzée-Luyssen <hugo at beauzee.fr> | Fri Jul 26 13:32:38 2019 +0200| [1a55a5935c2ad89df0324bdd95d3f915314cde4a] | committer: Hugo Beauzée-Luyssen
ogg: Fix potential integer overflow
(cherry picked from commit c455d11a96e473ea3038b7f469f15a71cd9338e3)
Signed-off-by: Hugo Beauzée-Luyssen <hugo at beauzee.fr>
> http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=1a55a5935c2ad89df0324bdd95d3f915314cde4a
---
modules/demux/ogg.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/modules/demux/ogg.c b/modules/demux/ogg.c
index 69fa492c42..786e052a5e 100644
--- a/modules/demux/ogg.c
+++ b/modules/demux/ogg.c
@@ -2692,7 +2692,8 @@ static bool Ogg_ReadDaalaHeader( logical_stream_t *p_stream,
oggpack_buffer opb;
uint32_t i_timebase_numerator;
uint32_t i_timebase_denominator;
- int i_keyframe_frequency_force;
+ int keyframe_granule_shift;
+ unsigned int i_keyframe_frequency_force;
uint8_t i_major;
uint8_t i_minor;
uint8_t i_subminor;
@@ -2726,7 +2727,9 @@ static bool Ogg_ReadDaalaHeader( logical_stream_t *p_stream,
oggpack_adv( &opb, 32 ); /* frame duration */
- i_keyframe_frequency_force = 1 << oggpack_read( &opb, 8 );
+ keyframe_granule_shift = oggpack_read( &opb, 8 );
+ keyframe_granule_shift = __MIN(keyframe_granule_shift, 31);
+ i_keyframe_frequency_force = 1u << keyframe_granule_shift;
/* granule_shift = i_log( frequency_force -1 ) */
p_stream->i_granule_shift = 0;
More information about the vlc-commits
mailing list