dvdspu: Avoid integer overflow when checking if enough data is available
authorSebastian Dröge <sebastian@centricular.com>
Tue, 13 Jun 2023 11:25:04 +0000 (14:25 +0300)
committerGStreamer Marge Bot <gitlab-merge-bot@gstreamer-foundation.org>
Tue, 20 Jun 2023 10:07:14 +0000 (10:07 +0000)
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4899>

subprojects/gst-plugins-bad/gst/dvdspu/gstspu-pgs.c

index 391bb63..df0b8e2 100644 (file)
@@ -607,7 +607,8 @@ parse_set_object_data (GstDVDSpu * dvdspu, guint8 type, guint8 * payload,
     PGS_DUMP ("%d bytes of additional RLE data\n", (int) (end - payload));
     /* Check that the data chunk is for this object version, and fits in the buffer */
     if (obj->rle_data_ver == obj_ver &&
-        obj->rle_data_used + end - payload <= obj->rle_data_size) {
+        end - payload <= obj->rle_data_size &&
+        obj->rle_data_used <= obj->rle_data_size - (end - payload)) {
 
       memcpy (obj->rle_data + obj->rle_data_used, payload, end - payload);
       obj->rle_data_used += end - payload;
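Review bot: The two added conditions still mix the signed pointer difference `end - payload` with the `rle_data_size` and `rle_data_used` fields, whose types are not visible in this hunk, so whether the comparison and the subtraction are evaluated signed or unsigned depends on declarations elsewhere and on the platform's pointer width. Naming the length once, e.g. `gsize chunk_len = end - payload;`, and testing `chunk_len <= obj->rle_data_size && obj->rle_data_used <= obj->rle_data_size - chunk_len` would keep the bounds check, the memcpy size and the `+=` on the same unsigned value. This assumes `payload <= end` is already established earlier in parse_set_object_data, which starts outside the hunk; if it is not, that guard has to come first. The existing comment could also say why the test is a subtraction, e.g. `/* compare by subtraction so the used + chunk sum cannot wrap */`, so it is not later simplified back to the additive form.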