[vlc-devel] [PATCH] wav: fix integer overflow
Rémi Denis-Courmont
remi at remlab.net
Fri May 3 15:04:56 CEST 2013
Le vendredi 3 mai 2013 15:24:22, Tobias Rapp a écrit :
> Fix possible integer overflow when reading wave format chunk.
> ---
> modules/demux/wav.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/modules/demux/wav.c b/modules/demux/wav.c
> index 6a2e146..0101dd0 100644
> --- a/modules/demux/wav.c
> +++ b/modules/demux/wav.c
> @@ -168,6 +168,11 @@ static int Open( vlc_object_t * p_this )
> msg_Err( p_demux, "cannot find 'fmt ' chunk" );
> goto error;
> }
> + if( i_size > INT32_MAX - 2 )
> + {
> + msg_Err( p_demux, "invalid 'fmt ' chunk" );
> + goto error;
> + }
This seems completely redundant with the next test.
> i_size += 2;
> if( i_size < sizeof( WAVEFORMATEX ) )
> {
--
Rémi Denis-Courmont
http://www.remlab.net/
More information about the vlc-devel
mailing list