[vlc-commits] [Git][videolan/vlc][3.0.x] mmsh: check user size bounds
Thomas Guillem (@tguillem)
gitlab at videolan.org
Thu Oct 26 15:27:29 UTC 2023
Thomas Guillem pushed to branch 3.0.x at VideoLAN / VLC
Commits:
27840cb5 by Thomas Guillem at 2023-10-26T17:27:03+02:00
mmsh: check user size bounds
(cherry picked from commit f7f346e686405638342721dd1c980d63e542dbe0)
Signed-off-by: Thomas Guillem <thomas at gllm.fr>
- - - - -
1 changed file:
- modules/access/mms/mmsh.c
Changes:
=====================================
modules/access/mms/mmsh.c
=====================================
@@ -927,7 +927,15 @@ static int GetPacket( stream_t * p_access, chunk_t *p_ck )
if( restsize < 8 )
p_ck->i_size2 = 8;
else
+ {
p_ck->i_size2 = GetWLE( p_sys->buffer + 10);
+ if (p_ck->i_size2 < 8 /* Prevent underflow when set to i_data */
+ || p_ck->i_size2 - 8 > BUFFER_SIZE - 12 /* Prevent Out Of Bound Write */)
+ {
+ msg_Err(p_access, "invalid size2: %" PRIu16, p_ck->i_size2);
+ return VLC_EGENERIC;
+ }
+ }
p_ck->p_data = p_sys->buffer + 12;
p_ck->i_data = p_ck->i_size2 - 8;
View it on GitLab: https://code.videolan.org/videolan/vlc/-/commit/27840cb5b20bc4651ba6af01d0a7ae6da17297ef
--
View it on GitLab: https://code.videolan.org/videolan/vlc/-/commit/27840cb5b20bc4651ba6af01d0a7ae6da17297ef
You're receiving this email because of your account on code.videolan.org.
VideoLAN code repository instance
More information about the vlc-commits
mailing list