[vlc-commits] [Git][videolan/vlc][3.0.x] demux: wav: check the size of the fmt chunk is legit
Steve Lhomme (@robUx4)
gitlab at videolan.org
Thu Aug 21 11:54:29 UTC 2025
Steve Lhomme pushed to branch 3.0.x at VideoLAN / VLC
Commits:
d9a89e48 by Steve Lhomme at 2025-08-21T11:28:37+00:00
demux: wav: check the size of the fmt chunk is legit
WAVEFORMATEX.cbSize represents the size of data after the WAVEFORMATEX structure [^1].
It is coded on a uint16_t so the size of the WAVEFORMATEX plus its extra data
can never exceed sizeof(WAVEFORMATEX) + UINT16_MAX.
Fixes #29004
[^1]: https://learn.microsoft.com/en-us/windows/win32/api/mmeapi/ns-mmeapi-waveformatex
(cherry picked from commit d5ab4348ed214174c2f3c50549c7e28acda3b223)
- - - - -
1 changed file:
- modules/demux/wav.c
Changes:
=====================================
modules/demux/wav.c
=====================================
@@ -167,9 +167,9 @@ static int Open( vlc_object_t * p_this )
goto error;
}
i_size += 2;
- if( i_size < sizeof( WAVEFORMATEX ) )
+ if( i_size < sizeof( WAVEFORMATEX ) || i_size > (sizeof( WAVEFORMATEX ) + UINT16_MAX ) )
{
- msg_Err( p_demux, "invalid 'fmt ' chunk" );
+ msg_Err( p_demux, "invalid 'fmt ' chunk of size %" PRIu32, i_size );
goto error;
}
if( vlc_stream_Read( p_demux->s, NULL, 8 ) != 8 )
View it on GitLab: https://code.videolan.org/videolan/vlc/-/commit/d9a89e481c13a9a020968673f5fbfb1d9170c8ec
--
View it on GitLab: https://code.videolan.org/videolan/vlc/-/commit/d9a89e481c13a9a020968673f5fbfb1d9170c8ec
You're receiving this email because of your account on code.videolan.org.
VideoLAN code repository instance
More information about the vlc-commits
mailing list