[vlc-commits] spudec: Fix potential integer underflow
Hugo Beauzée-Luyssen
git at videolan.org
Thu May 23 17:40:27 CEST 2019
vlc/vlc-3.0 | branch: master | Hugo Beauzée-Luyssen <hugo at beauzee.fr> | Tue Mar 5 12:34:18 2019 +0100| [fcb73ab6156fcd26dfdab9799804ebecc82f2554] | committer: Hugo Beauzée-Luyssen
spudec: Fix potential integer underflow
https://hackerone.com/reports/504668
(cherry picked from commit 824ffaaeebe9751fd62ad461145600457f28fe71)
Signed-off-by: Hugo Beauzée-Luyssen <hugo at beauzee.fr>
> http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=fcb73ab6156fcd26dfdab9799804ebecc82f2554
---
modules/codec/spudec/parse.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/modules/codec/spudec/parse.c b/modules/codec/spudec/parse.c
index 275864f187..24eb465a7e 100644
--- a/modules/codec/spudec/parse.c
+++ b/modules/codec/spudec/parse.c
@@ -326,6 +326,11 @@ static int ParseControlSeq( decoder_t *p_dec, subpicture_t *p_spu,
p_spu_properties->i_height = (((p_sys->buffer[i_index+5]&0x0f)<<8)|
p_sys->buffer[i_index+6]) - p_spu_properties->i_y + 1;
+ if (p_spu_properties->i_width < 0 || p_spu_properties->i_height < 0) {
+ msg_Err( p_dec, "integer overflow in SPU command" );
+ return VLC_EGENERIC;
+ }
+
/* Auto crop fullscreen subtitles */
if( p_spu_properties->i_height > 250 )
p_spu_data->b_auto_crop = true;
More information about the vlc-commits
mailing list