[vlc-devel] [PATCH 2/4] demux/aiff: fix 17562: integer-overflow leads to infinite loop

Filip Roséen filip at atch.se
Mon Oct 31 01:13:31 CET 2016


Fucking hell..

On 2016-10-31 01:05, Filip Roséen wrote:

> Given that the previous implementation stored the size of the current
> chunk-payload in a uint32_t, it would potentially overflow when
> adding the size of the chunk header and conditional padding.
> 
> These changes fix the previously described issue by storing the
> chunk-total size in a larger integer type, as well as making sure that
> we do not pass too big a value to vlc_stream_Read (that would
> cause problems on 32-bit platforms).
> 
> fixes #17562

This patch is supposed to include `SSIZE_MAX < UINT64_MAX` (not
`UINT32_MAX` as written).

See attached patch for the correct version.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-demux-aiff-fix-17562-integer-overflow-leads-to-infin.patch
Type: text/x-diff
Size: 2919 bytes
Desc: not available
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20161031/3d76c4ac/attachment.patch>
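
Added example, not part of the original message or the attached patch: a minimal C sketch of the overflow the commit message describes, with the 32-bit sum beside the widened one and a clamp on the read length. The function names are hypothetical, the 8-byte header and pad-to-even rule are the standard IFF/AIFF chunk layout, and `INT32_MAX` stands in for `SSIZE_MAX` on a 32-bit platform.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* IFF/AIFF chunk header: 4-byte ID + 4-byte big-endian payload size. */
#define CHUNK_HEADER_SIZE 8u

/* "Before" shape: total kept in 32 bits, so the sum wraps modulo 2^32. */
static uint32_t chunk_total_u32(uint32_t payload)
{
    /* odd payloads are followed by one pad byte */
    return payload + CHUNK_HEADER_SIZE + (payload & 1u);
}

/* "After" shape: widen first, then add; the sum can no longer wrap. */
static uint64_t chunk_total_u64(uint32_t payload)
{
    return (uint64_t)payload + CHUNK_HEADER_SIZE + (payload & 1u);
}

/* Bound a 64-bit byte count to what a single read returning ssize_t can
 * report. `limit` is a parameter (assumption of this sketch) so the 32-bit
 * case can be shown on any host. */
static uint64_t clamp_read(uint64_t want, uint64_t limit)
{
    return want > limit ? limit : want;
}

int main(void)
{
    /* Constructed sample sizes, as they could appear in a crafted file. */
    const uint32_t samples[] = { 100u, 101u, 0xFFFFFFF7u, 0xFFFFFFF8u };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t narrow = chunk_total_u32(samples[i]);
        uint64_t wide = chunk_total_u64(samples[i]);

        /* narrow == 0 means a parser that advances by the total never
         * moves past this chunk: the infinite loop from the report. */
        printf("payload=0x%08" PRIx32 " u32=%" PRIu32 " u64=%" PRIu64
               " read=%" PRIu64 "%s\n",
               samples[i], narrow, wide,
               clamp_read(wide, (uint64_t)INT32_MAX),
               narrow == 0 ? "  <- no forward progress" : "");
    }
    return 0;
}
```
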

