[vlc-devel] [PATCH] wav: fix integer overflow
Jean-Baptiste Kempf
jb at videolan.org
Fri May 3 14:52:40 CEST 2013
On 03 May, Tobias Rapp wrote :
> Tobias Rapp wrote:
> > @@ -168,6 +168,11 @@ static int Open( vlc_object_t * p_this )
> > msg_Err( p_demux, "cannot find 'fmt ' chunk" );
> > goto error;
> > }
> > + if( i_size > INT32_MAX - 2 )
> > + {
> > + msg_Err( p_demux, "invalid 'fmt ' chunk" );
> > + goto error;
> > + }
> > i_size += 2;
> > if( i_size < sizeof( WAVEFORMATEX ) )
> > {
>
> BTW: I have chosen INT32_MAX instead of UINT32_MAX here even though i_size
> is declared as unsigned int because it is casted to (signed) integer later
> when passed to stream_Read.
Doesn't this block 2GB+ files to be opened?
Best regards,
--
Jean-Baptiste Kempf
http://www.jbkempf.com/ - +33 672 704 734
Sent from my Electronic Device
More information about the vlc-devel
mailing list