[vlc-devel] [PATCH] dirac: Fix potential integer overflow

Sun Nov 12 10:53:10 CET 2017

On dimanche 12 novembre 2017 09:56:43 EET Hugo Beauzée-Luyssen wrote:
> ---
>  modules/packetizer/dirac.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/modules/packetizer/dirac.c b/modules/packetizer/dirac.c
> index 6e8d7c50ba..c760eff29f 100644
> --- a/modules/packetizer/dirac.c
> +++ b/modules/packetizer/dirac.c
> @@ -481,8 +481,10 @@ static bool dirac_UnpackParseInfo( parse_info_t *p_pi,
> block_bytestream_t *p_bs, return false;
> 
>      p_pi->i_parse_code = p_d[4];
> -    p_pi->u_next_offset = p_d[5] << 24 | p_d[6] << 16 | p_d[7] << 8 |
> p_d[8]; -    p_pi->u_prev_offset = p_d[9] << 24 | p_d[10] << 16 | p_d[11]
> << 8 | p_d[12]; +    p_pi->u_next_offset = (uint32_t)p_d[5] << 24 |
> (uint32_t)p_d[6] << 16 | +                          (uint32_t)p_d[7] << 8 |
> p_d[8];
> +    p_pi->u_prev_offset = (uint32_t)p_d[9] << 24 | (uint32_t)p_d[10] << 16
> | +                          (uint32_t)p_d[11] << 8 | p_d[12];
>      return true;
>  }

It looks like Get*W?E helpers could be used here.

-- 
Rémi Denis-Courmont