[vlc-commits] access: dvdread: check for blocks total overflow
Francois Cartegnie
git at videolan.org
Mon Aug 19 20:49:28 CEST 2019
vlc | branch: master | Francois Cartegnie <fcvlcdev at free.fr> | Wed Aug 14 17:34:13 2019 +0200| [255323b966872afd73526fc38866c4a108e864b6] | committer: Francois Cartegnie
access: dvdread: check for blocks total overflow
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=255323b966872afd73526fc38866c4a108e864b6
---
modules/access/dvdread.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/modules/access/dvdread.c b/modules/access/dvdread.c
index 93cf95611b..e7d9295be6 100644
--- a/modules/access/dvdread.c
+++ b/modules/access/dvdread.c
@@ -60,6 +60,7 @@
#include <dvdread/nav_print.h>
#include <assert.h>
+#include <limits.h>
/*****************************************************************************
* Module descriptor
@@ -788,8 +789,12 @@ static int DvdReadSetArea( demux_t *p_demux, int i_title, int i_chapter,
p_sys->i_title_blocks = 0;
for( int i = i_start_cell; i <= i_end_cell; i++ )
{
- p_sys->i_title_blocks += p_pgc->cell_playback[i].last_sector -
- p_pgc->cell_playback[i].first_sector + 1;
+ const uint32_t cell_blocks = p_pgc->cell_playback[i].last_sector -
+ p_pgc->cell_playback[i].first_sector + 1;
+ if(unlikely( cell_blocks == 0 || cell_blocks > INT_MAX ||
+ INT_MAX - p_sys->i_title_blocks < (int)cell_blocks ))
+ return VLC_EGENERIC;
+ p_sys->i_title_blocks += cell_blocks;
}
msg_Dbg( p_demux, "title %d vts_title %d pgc %d pgn %d "
More information about the vlc-commits
mailing list