[vlc-commits] avi: Fix potential integer underflow

Thu, 23 May 2019 08:21:15 -0700 

vlc | branch: master | Atte Kettunen <[email protected]> | Tue Mar  5 11:43:33 
2019 +0100| [8345f1acc06fe87f327b17582d18106374bb2deb] | committer: Hugo 
Beauzée-Luyssen

avi: Fix potential integer underflow

https://hackerone.com/reports/501387

Signed-off-by: Hugo Beauzée-Luyssen <[email protected]>

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=8345f1acc06fe87f327b17582d18106374bb2deb
---

 modules/demux/avi/bitmapinfoheader.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/demux/avi/bitmapinfoheader.h 
b/modules/demux/avi/bitmapinfoheader.h
index f797c2e495..9a88fffdef 100644
--- a/modules/demux/avi/bitmapinfoheader.h
+++ b/modules/demux/avi/bitmapinfoheader.h
@@ -99,7 +99,8 @@ static inline int ParseBitmapInfoHeader( VLC_BITMAPINFOHEADER 
*p_bih, size_t i_b
     /* Extradata is the remainder of the chunk less the BIH */
     const uint8_t *p_bihextra = (const uint8_t *) &p_bih[1];
     size_t i_bihextra;
-    if( i_bih <= INT_MAX - sizeof(VLC_BITMAPINFOHEADER) )
+    if( i_bih <= INT_MAX - sizeof(VLC_BITMAPINFOHEADER) &&
+            i_bih >= sizeof(VLC_BITMAPINFOHEADER) )
         i_bihextra = i_bih - sizeof(VLC_BITMAPINFOHEADER);
     else
         i_bihextra = 0;

_______________________________________________
vlc-commits mailing list
[email protected]
https://mailman.videolan.org/listinfo/vlc-commits

Reply via email to