[vlc-devel] [PATCH] wav: fix integer overflow

Tobias Rapp t.rapp at noa-audio.com
Fri May 3 15:59:07 CEST 2013


Jean-Baptiste Kempf wrote:
> On 03 May, Tobias Rapp wrote :
> > Tobias Rapp wrote:
> > > @@ -168,6 +168,11 @@ static int Open( vlc_object_t * p_this )
> > >          msg_Err( p_demux, "cannot find 'fmt ' chunk" );
> > >          goto error;
> > >      }
> > > +    if( i_size > INT32_MAX - 2 )
> > > +    {
> > > +        msg_Err( p_demux, "invalid 'fmt ' chunk" );
> > > +        goto error;
> > > +    }
> > >      i_size += 2;
> > >      if( i_size < sizeof( WAVEFORMATEX ) )
> > >      {
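Review bot: The bound in the added test if( i_size > INT32_MAX - 2 ) is not explained in the code, and since i_size is an unsigned int a later reader will expect UINT32_MAX there and may "correct" it. Put a one-line comment above the check saying that the limit is the signed maximum because the value is later passed as a signed integer to stream_Read, as the follow-up in this thread states. The message "invalid 'fmt ' chunk" could also say that the chunk size is what was rejected, so the log distinguishes it from the "cannot find 'fmt ' chunk" failure just above.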
> > 
> > BTW: I have chosen INT32_MAX instead of UINT32_MAX here even though i_size
> > is declared as unsigned int because it is cast to (signed) integer later
> > when passed to stream_Read.
> 
> Doesn't this block 2GB+ files from being opened?

No, as it only limits the size of the format chunk, not the data chunk.

Regards,
Tobias
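
The choice of INT32_MAX over UINT32_MAX discussed in this message, as an added C example (not VLC code and not part of the original post). fmt_size_ok, MIN_FMT_SIZE and the arithmetic that models the later signed conversion are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed minimum header size; stands in for sizeof( WAVEFORMATEX ). */
#define MIN_FMT_SIZE 18u

/* Hypothetical helper: applies the patch's pre-check with a chosen upper
 * limit, then the existing "+= 2" and minimum-size test. On acceptance,
 * *read_len holds the value a callee taking a signed 32-bit length would
 * see (two's-complement reinterpretation, modelled with 64-bit math). */
static bool fmt_size_ok(uint32_t i_size, uint32_t limit, int64_t *read_len)
{
    if (i_size > limit - 2)          /* would wrap or exceed the limit */
        return false;
    i_size += 2;
    if (i_size < MIN_FMT_SIZE)
        return false;
    *read_len = (i_size > INT32_MAX) ? (int64_t)i_size - 4294967296LL
                                     : (int64_t)i_size;
    return true;
}

int main(void)
{
    /* Constructed sample chunk sizes around the two boundaries. */
    const uint32_t sizes[]  = { 16u, 0x7FFFFFFDu, 0x7FFFFFFEu, 0xFFFFFFFEu };
    const uint32_t limits[] = { UINT32_MAX, INT32_MAX };

    for (size_t l = 0; l < 2; l++)
        for (size_t s = 0; s < 4; s++) {
            int64_t n = 0;
            bool ok = fmt_size_ok(sizes[s], limits[l], &n);
            printf("limit=%#x size=%#x -> %s", (unsigned)limits[l],
                   (unsigned)sizes[s], ok ? "accepted" : "rejected");
            if (ok)
                printf(", signed read length %lld", (long long)n);
            putchar('\n');
        }
    return 0;
}
```

With the UINT32_MAX limit the unsigned addition no longer wraps, but a size of 0x7FFFFFFE is still accepted and reaches the signed parameter as a negative length; the INT32_MAX limit rejects it.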
