vlc/vlc-3.0 | branch: master | Hugo Beauzée-Luyssen <[email protected]> | Fri Jul 26 13:32:38 2019 +0200| [1a55a5935c2ad89df0324bdd95d3f915314cde4a] | committer: Hugo Beauzée-Luyssen
ogg: Fix potential integer overflow (cherry picked from commit c455d11a96e473ea3038b7f469f15a71cd9338e3) Signed-off-by: Hugo Beauzée-Luyssen <[email protected]> > http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=1a55a5935c2ad89df0324bdd95d3f915314cde4a --- modules/demux/ogg.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/modules/demux/ogg.c b/modules/demux/ogg.c index 69fa492c42..786e052a5e 100644 --- a/modules/demux/ogg.c +++ b/modules/demux/ogg.c @@ -2692,7 +2692,8 @@ static bool Ogg_ReadDaalaHeader( logical_stream_t *p_stream, oggpack_buffer opb; uint32_t i_timebase_numerator; uint32_t i_timebase_denominator; - int i_keyframe_frequency_force; + int keyframe_granule_shift; + unsigned int i_keyframe_frequency_force; uint8_t i_major; uint8_t i_minor; uint8_t i_subminor; @@ -2726,7 +2727,9 @@ static bool Ogg_ReadDaalaHeader( logical_stream_t *p_stream, oggpack_adv( &opb, 32 ); /* frame duration */ - i_keyframe_frequency_force = 1 << oggpack_read( &opb, 8 ); + keyframe_granule_shift = oggpack_read( &opb, 8 ); + keyframe_granule_shift = __MIN(keyframe_granule_shift, 31); + i_keyframe_frequency_force = 1u << keyframe_granule_shift; /* granule_shift = i_log( frequency_force -1 ) */ p_stream->i_granule_shift = 0; _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
