eet - fix possible integer overflow in ptr diff on parse

author Carsten Haitzler (Rasterman) <raster@rasterman.com>

Mon, 11 Jul 2016 12:54:57 +0000 (21:54 +0900)

committer Carsten Haitzler (Rasterman) <raster@rasterman.com>

Mon, 11 Jul 2016 12:54:57 +0000 (21:54 +0900)
author Carsten Haitzler (Rasterman) <raster@rasterman.com>
Mon, 11 Jul 2016 12:54:57 +0000 (21:54 +0900)
committer Carsten Haitzler (Rasterman) <raster@rasterman.com>
Mon, 11 Jul 2016 12:54:57 +0000 (21:54 +0900)
diff --git a/src/lib/eet/eet_lib.c b/src/lib/eet/eet_lib.c

index 4d0dfba..d2c95c2 100644 (file)
--- a/src/lib/eet/eet_lib.c
+++ b/src/lib/eet/eet_lib.c
@@ -1757,7 +1757,9 @@ _base64_dec(const char *file, int *size_ret)
            }
          end = p;
          // go from line start to (but not including) first invalid char
-        if (((end - buf) > 0) && (((end - buf) % 4) == 0))
+        if (((end - buf) > 0) &&
+            ((end - buf) < 0x1fffffff) && // not too long
+            (((end - buf) % 4) == 0))
            {
               unsigned char *tmp = malloc((end - buf + 4) * 2);
author	Carsten Haitzler (Rasterman) <raster@rasterman.com>
	Mon, 11 Jul 2016 12:54:57 +0000 (21:54 +0900)
committer	Carsten Haitzler (Rasterman) <raster@rasterman.com>
	Mon, 11 Jul 2016 12:54:57 +0000 (21:54 +0900)