[vlc-commits] access: dvdread: check for blocks total overflow
Francois Cartegnie
git at videolan.org
Sun Sep 15 19:24:55 CEST 2019
vlc/vlc-3.0 | branch: master | Francois Cartegnie <fcvlcdev at free.fr> | Wed Aug 14 17:34:13 2019 +0200| [dabb9c471adcdefde12ecd87b3ebb64e62865d86] | committer: Francois Cartegnie
access: dvdread: check for blocks total overflow
(cherry picked from commit 255323b966872afd73526fc38866c4a108e864b6)
> http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=dabb9c471adcdefde12ecd87b3ebb64e62865d86
---
modules/access/dvdread.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/modules/access/dvdread.c b/modules/access/dvdread.c
index daaa1efb63..3b0cfb9ea5 100644
--- a/modules/access/dvdread.c
+++ b/modules/access/dvdread.c
@@ -61,6 +61,7 @@
#include <dvdread/nav_print.h>
#include <assert.h>
+#include <limits.h>
/*****************************************************************************
* Module descriptor
@@ -797,8 +798,12 @@ static int DvdReadSetArea( demux_t *p_demux, int i_title, int i_chapter,
p_sys->i_title_blocks = 0;
for( int i = i_start_cell; i <= i_end_cell; i++ )
{
- p_sys->i_title_blocks += p_pgc->cell_playback[i].last_sector -
- p_pgc->cell_playback[i].first_sector + 1;
+ const uint32_t cell_blocks = p_pgc->cell_playback[i].last_sector -
+ p_pgc->cell_playback[i].first_sector + 1;
+ if(unlikely( cell_blocks == 0 || cell_blocks > INT_MAX ||
+ INT_MAX - p_sys->i_title_blocks < (int)cell_blocks ))
+ return VLC_EGENERIC;
+ p_sys->i_title_blocks += cell_blocks;
}
msg_Dbg( p_demux, "title %d vts_title %d pgc %d pgn %d "
More information about the vlc-commits
mailing list