[vlc-devel] [PATCH] wav: fix integer overflow
Tobias Rapp
t.rapp at noa-audio.com
Fri May 3 14:34:20 CEST 2013
Tobias Rapp wrote:
> @@ -168,6 +168,11 @@ static int Open( vlc_object_t * p_this )
> msg_Err( p_demux, "cannot find 'fmt ' chunk" );
> goto error;
> }
> + if( i_size > INT32_MAX - 2 )
> + {
> + msg_Err( p_demux, "invalid 'fmt ' chunk" );
> + goto error;
> + }
> i_size += 2;
> if( i_size < sizeof( WAVEFORMATEX ) )
> {
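Review bot: the bound in the added `if( i_size > INT32_MAX - 2 )` check needs a code comment saying why it is INT32_MAX and not UINT32_MAX. Nothing in the hunk shows that i_size is unsigned or that it is later passed as a signed value, so a future reader could "correct" the limit to UINT32_MAX and bring the overflow back. A one-line comment above the check naming the later signed use would be enough. The added message "invalid 'fmt ' chunk" could also state that the chunk size is what was rejected, which makes it easier to tell apart from the "cannot find 'fmt ' chunk" error just above it in a log.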
BTW: I have chosen INT32_MAX instead of UINT32_MAX here even though i_size
is declared as unsigned int because it is cast to (signed) integer later
when passed to stream_Read.
Regards,
Tobias