vlc | branch: master | Hugo Beauzée-Luyssen <[email protected]> | Fri Jul 26 13:32:38 2019 +0200| [c455d11a96e473ea3038b7f469f15a71cd9338e3] | committer: Hugo Beauzée-Luyssen
ogg: Fix potential integer overflow > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=c455d11a96e473ea3038b7f469f15a71cd9338e3 --- modules/demux/ogg.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/modules/demux/ogg.c b/modules/demux/ogg.c index 649e154a7e..397906034a 100644 --- a/modules/demux/ogg.c +++ b/modules/demux/ogg.c @@ -2654,7 +2654,8 @@ static bool Ogg_ReadDaalaHeader( logical_stream_t *p_stream, oggpack_buffer opb; uint32_t i_timebase_numerator; uint32_t i_timebase_denominator; - int i_keyframe_frequency_force; + int keyframe_granule_shift; + unsigned int i_keyframe_frequency_force; uint8_t i_major; uint8_t i_minor; uint8_t i_subminor; @@ -2688,7 +2689,9 @@ static bool Ogg_ReadDaalaHeader( logical_stream_t *p_stream, oggpack_adv( &opb, 32 ); /* frame duration */ - i_keyframe_frequency_force = 1 << oggpack_read( &opb, 8 ); + keyframe_granule_shift = oggpack_read( &opb, 8 ); + keyframe_granule_shift = __MIN(keyframe_granule_shift, 31); + i_keyframe_frequency_force = 1u << keyframe_granule_shift; /* granule_shift = i_log( frequency_force -1 ) */ p_stream->i_granule_shift = 0; _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
