vlc | branch: master | Francois Cartegnie <[email protected]> | Sun Dec 25 22:23:38 2016 +0100| [adefef571ef3f8848fd42334fe5391d9ffda72fe] | committer: Francois Cartegnie
demux: libasf: fix read overflow on 32bits SIZE_T > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=adefef571ef3f8848fd42334fe5391d9ffda72fe --- modules/demux/asf/libasf.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/demux/asf/libasf.c b/modules/demux/asf/libasf.c index 66e4ad5..a549fa5 100644 --- a/modules/demux/asf/libasf.c +++ b/modules/demux/asf/libasf.c @@ -359,7 +359,7 @@ static int ASF_ReadObject_metadata( stream_t *s, asf_object_t *p_obj ) { asf_object_metadata_t *p_meta = &p_obj->metadata; - int i_peek; + ssize_t i_peek; uint32_t i; const uint8_t *p_peek, *p_data; @@ -396,7 +396,8 @@ static int ASF_ReadObject_metadata( stream_t *s, asf_object_t *p_obj ) p_record->i_type = ASF_READ2(); i_data = ASF_READ4(); - if( !ASF_HAVE( i_name + i_data ) ) + if( UINT32_MAX - i_name < i_data || + !ASF_HAVE( i_name + i_data ) ) break; /* Read name */ _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
