[vlc-devel] [PATCH 3/7] subsdec: fix potential unsigned overflow

Rémi Denis-Courmont remi at remlab.net
Tue May 6 21:07:15 CEST 2014


On Tuesday 6 May 2014, 19:08:27 Felix Abecassis wrote:
> ---
>  modules/codec/subsdec.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/modules/codec/subsdec.c b/modules/codec/subsdec.c
> index 1b4276e..4faff70 100644
> --- a/modules/codec/subsdec.c
> +++ b/modules/codec/subsdec.c
> @@ -737,7 +737,7 @@ static char *CreateHtmlSubtitle( int *pi_align, char
> *psz_subtitle ) {
>                  bool   b_match     = false;
>                  bool   b_ignore    = false;
> -                int    i_len       = (psz_tag ? strlen(psz_tag) : 0) - 1;
> +                int    i_len       = (psz_tag ? (int)strlen(psz_tag) : 0) -
> 1;
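
Review bot: on the changed i_len line, (int)strlen(psz_tag) narrows a size_t with no range check, so a length above INT_MAX reaches the "- 1" as an implementation-defined int, and a NULL or empty psz_tag leaves i_len at -1 for whatever code uses it next. Rather than adding a cast, consider keeping the length in a size_t and testing it for zero explicitly before subtracting, so that neither the narrowing nor the subtraction can go out of range.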

This looks more like it's introducing undefined behaviour than removing it. 

If: strlen(psz_tag) == (size_t)INT_MIN
Before the patch: i_len == INT_MAX
After the patch: undefined behaviour due to signed underflow.

If psz_tag is the empty string the result is unchanged.

-- 
Rémi Denis-Courmont
http://www.remlab.net/
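
The conversions discussed in this reply, as an added example that is not part of the original message or of VLC's code. The names len_before, len_after and last_index are hypothetical, n stands in for strlen(psz_tag), "font" is a constructed sample tag, and the printed values assume the modulo narrowing that GCC and Clang document for out-of-range size_t to int conversions.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum outcome { WELL_DEFINED, IMPLEMENTATION_DEFINED, UNDEFINED };

/* Pre-patch expression. The size_t and int operands of ?: give a size_t,
 * so "- 1" wraps (defined); only the narrowing to int is implementation-defined. */
static int len_before(bool has_tag, size_t n)
{
    size_t wide = (has_tag ? n : 0) - 1;
    return (int)wide;
}

/* Post-patch expression, classified without ever executing the overflow. */
static enum outcome len_after(bool has_tag, size_t n, int *out)
{
    if (!has_tag || n <= (size_t)INT_MAX) {
        *out = (has_tag ? (int)n : 0) - 1;   /* plain int arithmetic */
        return WELL_DEFINED;
    }
    int narrowed = (int)n;                   /* implementation-defined */
    if (narrowed == INT_MIN)
        return UNDEFINED;                    /* INT_MIN - 1 would overflow */
    *out = narrowed - 1;
    return IMPLEMENTATION_DEFINED;
}

/* Hypothetical alternative: stay in size_t, reject NULL and empty tags. */
static bool last_index(const char *tag, size_t *idx)
{
    size_t n = tag ? strlen(tag) : 0;
    if (n == 0)
        return false;
    *idx = n - 1;
    return true;
}

int main(void)
{
    int v = 0;
    size_t idx = 0;
    printf("before, empty tag:       %d\n", len_before(true, 0));
    printf("before, (size_t)INT_MIN: %d\n", len_before(true, (size_t)INT_MIN));
    printf("after,  (size_t)INT_MIN: outcome %d\n", len_after(true, (size_t)INT_MIN, &v));
    printf("last_index(\"font\"): ok=%d idx=%zu\n", last_index("font", &idx), idx);
    return 0;
}
```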



