vlc | branch: master | Francois Cartegnie <[email protected]> | Sun Dec 25 22:05:24 2016 +0100| [c395028c8f867797a451152d7ad9fa542b7dc05f] | committer: Francois Cartegnie
demux: libasf: fix integer overflow and read overflow on usage > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=c395028c8f867797a451152d7ad9fa542b7dc05f --- modules/demux/asf/libasf.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/demux/asf/libasf.c b/modules/demux/asf/libasf.c index 02204f0..af057be 100644 --- a/modules/demux/asf/libasf.c +++ b/modules/demux/asf/libasf.c @@ -1340,7 +1340,10 @@ static int ASF_ReadObject_marker(stream_t *s, asf_object_t *p_obj) p_marker->i_send_time = ASF_READ4(); p_marker->i_flags = ASF_READ4(); p_marker->i_marker_description_length = ASF_READ4(); - p_marker->p_marker_description = ASF_READS( p_marker->i_marker_description_length * 2 ); + if( p_marker->i_marker_description_length <= (UINT32_MAX / 2) ) + p_marker->p_marker_description = ASF_READS( p_marker->i_marker_description_length * 2 ); + else + p_marker->i_marker_description_length = 0; } } _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
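Review bot: in the new else branch of ASF_ReadObject_marker, only i_marker_description_length is reset; p_marker_description is not assigned on that path in the lines shown. Unless the marker entry is zero-initialized before this point, later readers of the field and the cleanup path would see an indeterminate pointer, so setting `p_marker->p_marker_description = NULL;` next to the length reset would make the rejected case self-contained. The `<= (UINT32_MAX / 2)` bound also only rules out wrap-around of `i_marker_description_length * 2`. A value just under that limit still passes, so it is worth confirming that ASF_READS limits the read to the data remaining in the object. If ASF_READS can fail, the length should be reset to 0 in that case as well so the stored length and the buffer stay consistent. A short comment stating that the check guards the multiplication by 2 would help future readers.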
