From 679af3271fbc577602fded804dee6fe59748178f Mon Sep 17 00:00:00 2001
From: "Carsten Haitzler (Rasterman)"
Date: Mon, 11 Jul 2016 21:54:57 +0900
Subject: [PATCH] eet - fix possible integer overflow in ptr diff on parse coverity spotted this - with silly long strings (like 1gb in size or+) it might happen. fix CID 1256196
---
 src/lib/eet/eet_lib.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/lib/eet/eet_lib.c b/src/lib/eet/eet_lib.c
index 4d0dfba..d2c95c2 100644
--- a/src/lib/eet/eet_lib.c
+++ b/src/lib/eet/eet_lib.c
@@ -1757,7 +1757,9 @@ _base64_dec(const char *file, int *size_ret)
 }
 end = p;
 // go from line start to (but not including) first invalid char
- if (((end - buf) > 0) && (((end - buf) % 4) == 0))
+ if (((end - buf) > 0) &&
+ ((end - buf) < 0x1fffffff) && // not too long
+ (((end - buf) % 4) == 0))
 {
 unsigned char *tmp = malloc((end - buf + 4) * 2);
-- 
2.7.4
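Review bot: The new bound `0x1fffffff` in the `if` condition is a bare constant with no stated link to the allocation it guards, `malloc((end - buf + 4) * 2)`, and the comment `// not too long` does not say which computation overflows or in which type. Computing the length once, e.g. `ptrdiff_t len = end - buf;`, and comparing it with a named limit would make the guard checkable against the expression it protects; the limit's comment could read `/* keeps (len + 4) * 2 within a signed 32-bit range */`, which is presumably the intent. A line that exceeds the limit now fails the same condition as a malformed one, so an oversized input is indistinguishable from a bad one at this point. Whether that case is reported to the caller is decided outside this hunk, as is the declaration of `buf`, so the reachable range of `end - buf` cannot be confirmed from here.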