[vlc-commits] avi: Fix potential integer underflow
Atte Kettunen
git at videolan.org
Thu May 23 17:20:59 CEST 2019
vlc | branch: master | Atte Kettunen <attekett at gmail.com> | Tue Mar 5 11:43:33 2019 +0100| [8345f1acc06fe87f327b17582d18106374bb2deb] | committer: Hugo Beauzée-Luyssen
avi: Fix potential integer underflow
https://hackerone.com/reports/501387
Signed-off-by: Hugo Beauzée-Luyssen <hugo at beauzee.fr>
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=8345f1acc06fe87f327b17582d18106374bb2deb
---
modules/demux/avi/bitmapinfoheader.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/modules/demux/avi/bitmapinfoheader.h b/modules/demux/avi/bitmapinfoheader.h
index f797c2e495..9a88fffdef 100644
--- a/modules/demux/avi/bitmapinfoheader.h
+++ b/modules/demux/avi/bitmapinfoheader.h
@@ -99,7 +99,8 @@ static inline int ParseBitmapInfoHeader( VLC_BITMAPINFOHEADER *p_bih, size_t i_b
/* Extradata is the remainder of the chunk less the BIH */
const uint8_t *p_bihextra = (const uint8_t *) &p_bih[1];
size_t i_bihextra;
- if( i_bih <= INT_MAX - sizeof(VLC_BITMAPINFOHEADER) )
+ if( i_bih <= INT_MAX - sizeof(VLC_BITMAPINFOHEADER) &&
+ i_bih >= sizeof(VLC_BITMAPINFOHEADER) )
i_bihextra = i_bih - sizeof(VLC_BITMAPINFOHEADER);
else
i_bihextra = 0;
More information about the vlc-commits
mailing list