[vlc-devel] [PATCH 2/4] demux/aiff: fix 17562: integer-overflow leads to infinite loop
Filip Roséen
filip at atch.se
Mon Oct 31 01:13:31 CET 2016
Fucking hell..
On 2016-10-31 01:05, Filip Roséen wrote:
> Given that the previous implementation stored the size of the current
> chunk-payload in an uint32_t, it would potentially overflow when
> adding the size of the chunk header and conditional padding.
>
> These changes fixes the previously described by storing the
> chunk-total size in a larger integer type, as well as making sure that
> we do not pass a too big of a value to vlc_stream_Read (that would
> cause problems on 32bit platforms).
>
> fixes #17562
This patch is supposed to include `SSIZE_MAX < UINT64_MAX` (not
`UINT32_MAX` as written).
See attached patch for the correct version.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20161031/3d76c4ac/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-demux-aiff-fix-17562-integer-overflow-leads-to-infin.patch
Type: text/x-diff
Size: 2919 bytes
Desc: not available
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20161031/3d76c4ac/attachment.patch>
More information about the vlc-devel
mailing list