subject:"\[vlc\-commits\] avi\: Fix integer overflow"

[vlc-commits] avi: Fix integer overflow

2020-12-15 Thread Hugo Beauzée-Luyssen

vlc/vlc-3.0 | branch: master | Hugo Beauzée-Luyssen  | Mon Nov 
 9 09:54:27 2020 +0100| [56cbe9c4b59edbdc5e1bb2687992f3bbf492eccb] | committer: 
Hugo Beauzée-Luyssen

avi: Fix integer overflow

Which would in turn cause a size verification failure, leading to a
buffer overflow
Reported by: Zhen Zhou, NSFOCUS Security Team

(cherry picked from commit a4b1de184faf86617b4432954c1984e0027fb246)
Signed-off-by: Hugo Beauzée-Luyssen 

> http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=56cbe9c4b59edbdc5e1bb2687992f3bbf492eccb
---

 modules/demux/avi/avi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/demux/avi/avi.c b/modules/demux/avi/avi.c
index 9ca8043472..7868a0f90e 100644
--- a/modules/demux/avi/avi.c
+++ b/modules/demux/avi/avi.c
@@ -3078,7 +3078,7 @@ static void AVI_ExtractSubtitle( demux_t *p_demux,
 if( i_size < 6 || GetWLE( [0] ) != 0x04 )
 goto exit;
 const unsigned i_payload = GetDWLE( [2] );
-if( i_size < 6 + i_payload || i_payload <= 0 )
+if( i_size - 6 < i_payload || i_payload == 0 )
 goto exit;
 p += 6;
 i_size -= 6;

___
vlc-commits mailing list
vlc-commits@videolan.org
https://mailman.videolan.org/listinfo/vlc-commits

[vlc-commits] avi: Fix integer overflow

2020-12-15 Thread Hugo Beauzée-Luyssen

vlc | branch: master | Hugo Beauzée-Luyssen  | Mon Nov  9 
09:54:27 2020 +0100| [a4b1de184faf86617b4432954c1984e0027fb246] | committer: 
Hugo Beauzée-Luyssen

avi: Fix integer overflow

Which would in turn cause a size verification failure, leading to a
buffer overflow
Reported by: Zhen Zhou, NSFOCUS Security Team

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=a4b1de184faf86617b4432954c1984e0027fb246
---

 modules/demux/avi/avi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/demux/avi/avi.c b/modules/demux/avi/avi.c
index 9174b3167b..c3aa70ef57 100644
--- a/modules/demux/avi/avi.c
+++ b/modules/demux/avi/avi.c
@@ -2933,7 +2933,7 @@ static void AVI_ExtractSubtitle( demux_t *p_demux,
 if( i_size < 6 || GetWLE( [0] ) != 0x04 )
 goto exit;
 const unsigned i_payload = GetDWLE( [2] );
-if( i_size < 6 + i_payload || i_payload <= 0 )
+if( i_size - 6 < i_payload || i_payload == 0 )
 goto exit;
 p += 6;
 i_size -= 6;

___
vlc-commits mailing list
vlc-commits@videolan.org
https://mailman.videolan.org/listinfo/vlc-commits

[vlc-commits] avi: Fix integer overflow

[vlc-commits] avi: Fix integer overflow

2 matches

Site Navigation

Mail list logo

Footer information