[vlc-devel] [PATCH] wav: fix integer overflow
Tobias Rapp
t.rapp at noa-audio.com
Fri May 3 16:03:26 CEST 2013
Rémi Denis-Courmont wrote:
> Le vendredi 3 mai 2013 15:24:22, Tobias Rapp a écrit :
> > Fix possible integer overflow when reading wave format chunk.
> > ---
> > modules/demux/wav.c | 5 +++++
> > 1 file changed, 5 insertions(+)
> >
> > diff --git a/modules/demux/wav.c b/modules/demux/wav.c
> > index 6a2e146..0101dd0 100644
> > --- a/modules/demux/wav.c
> > +++ b/modules/demux/wav.c
> > @@ -168,6 +168,11 @@ static int Open( vlc_object_t * p_this )
> > msg_Err( p_demux, "cannot find 'fmt ' chunk" );
> > goto error;
> > }
> > + if( i_size > INT32_MAX - 2 )
> > + {
> > + msg_Err( p_demux, "invalid 'fmt ' chunk" );
> > + goto error;
> > + }
>
> This seems completely redundant with the next test.
>
> > i_size += 2;
> > if( i_size < sizeof( WAVEFORMATEX ) )
Thats true. I guess the patch can be ignored then.
Regards,
Tobias
More information about the vlc-devel
mailing list