vlc | branch: master | Laurent Aimar <[email protected]> | Thu Jan 12 21:31:13 2012 +0100| [04c9c0e7e8f4687c9881c6ad10d9e31152249697] | committer: Laurent Aimar
Fixed a potential integer overflow in MemToBlock(). When the integer overflow happens, the block_t returned will be smaller than requested. It fixes the second half of #5841. > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=04c9c0e7e8f4687c9881c6ad10d9e31152249697 --- modules/demux/mkv/mkv.cpp | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/modules/demux/mkv/mkv.cpp b/modules/demux/mkv/mkv.cpp index ebbcafa..67af69e 100644 --- a/modules/demux/mkv/mkv.cpp +++ b/modules/demux/mkv/mkv.cpp @@ -455,6 +455,9 @@ static void Seek( demux_t *p_demux, mtime_t i_date, double f_percent, virtual_ch /* Utility function for BlockDecode */ static block_t *MemToBlock( uint8_t *p_mem, size_t i_mem, size_t offset) { + if( unlikely( i_mem > SIZE_MAX - offset ) ) + return NULL; + block_t *p_block = block_New( p_demux, i_mem + offset ); if( likely(p_block != NULL) ) { _______________________________________________ vlc-commits mailing list [email protected] http://mailman.videolan.org/listinfo/vlc-commits
