vlc/vlc-3.0 | branch: master | Francois Cartegnie <[email protected]> | Wed Aug 14 17:34:13 2019 +0200| [dabb9c471adcdefde12ecd87b3ebb64e62865d86] | committer: Francois Cartegnie
access: dvdread: check for blocks total overflow (cherry picked from commit 255323b966872afd73526fc38866c4a108e864b6) > http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=dabb9c471adcdefde12ecd87b3ebb64e62865d86 --- modules/access/dvdread.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/modules/access/dvdread.c b/modules/access/dvdread.c index daaa1efb63..3b0cfb9ea5 100644 --- a/modules/access/dvdread.c +++ b/modules/access/dvdread.c @@ -61,6 +61,7 @@ #include <dvdread/nav_print.h> #include <assert.h> +#include <limits.h> /***************************************************************************** * Module descriptor @@ -797,8 +798,12 @@ static int DvdReadSetArea( demux_t *p_demux, int i_title, int i_chapter, p_sys->i_title_blocks = 0; for( int i = i_start_cell; i <= i_end_cell; i++ ) { - p_sys->i_title_blocks += p_pgc->cell_playback[i].last_sector - - p_pgc->cell_playback[i].first_sector + 1; + const uint32_t cell_blocks = p_pgc->cell_playback[i].last_sector - + p_pgc->cell_playback[i].first_sector + 1; + if(unlikely( cell_blocks == 0 || cell_blocks > INT_MAX || + INT_MAX - p_sys->i_title_blocks < (int)cell_blocks )) + return VLC_EGENERIC; + p_sys->i_title_blocks += cell_blocks; } msg_Dbg( p_demux, "title %d vts_title %d pgc %d pgn %d " _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
