projects / platform / upstream / gstreamer.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4f2189a)
wavparse: guard against overflow when comparing chunk sizes
authorTim-Philipp Müller <tim@centricular.com>
Sun, 23 May 2021 12:24:21 +0000 (13:24 +0100)
committerTim-Philipp Müller <tim@centricular.com>
Sun, 23 May 2021 14:17:27 +0000 (15:17 +0100)
Could be rewritten as lsize > (size - 8) a well, but the
extra check seems clearer. Doesn't look like it was problematic,
lsize wasn't actually used when parsing the sub-chunks.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/merge_requests/994>

gst/wavparse/gstwavparse.c patch | blob | history

diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c
index 878bb10..0ead4be 100644 (file)
--- a/gst/wavparse/gstwavparse.c
+++ b/gst/wavparse/gstwavparse.c
@@ -930,7 +930,7 @@ gst_wavparse_adtl_chunk (GstWavParse * wav, const guint8 * data, guint32 size)
     ltag = GST_READ_UINT32_LE (data + offset);
     lsize = GST_READ_UINT32_LE (data + offset + 4);
 
-    if (lsize + 8 > size) {
+    if (lsize > (G_MAXUINT - 8) || lsize + 8 > size) {
       GST_WARNING_OBJECT (wav, "Invalid adtl size: %u + 8 > %u", lsize, size);
       return FALSE;
     }
Domain: Multimedia / Media Common;