diff options
author | Hakan Kvist <hakan.kvist@sony.com> | 2019-10-22 20:44:58 +0200 |
---|---|---|
committer | Erik de Castro Lopo <erikd@mega-nerd.com> | 2019-10-24 06:57:47 +1100 |
commit | b84ff55b032def9e38277f5efd249f4930a3dae1 (patch) | |
tree | 96c7fec5ae80d76cb2048a4a8934f066314bdcdc | |
parent | 25305d685b52979295064a9b566e697372a9878a (diff) | |
download | flac-b84ff55b032def9e38277f5efd249f4930a3dae1.tar.gz |
libFLAC/stream_decoder.c: fix integer overflow on corrupt file
Corrupt metadata could make the length calculation overflow.
-rw-r--r-- | src/libFLAC/stream_decoder.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c index 5b96086c..7034cce6 100644 --- a/src/libFLAC/stream_decoder.c +++ b/src/libFLAC/stream_decoder.c @@ -1628,6 +1628,8 @@ FLAC__bool read_metadata_streaminfo_(FLAC__StreamDecoder *decoder, FLAC__bool is /* skip the rest of the block */ FLAC__ASSERT(used_bits % 8 == 0); + if (length < (used_bits / 8)) + return false; /* read_callback_ sets the state for us */ length -= (used_bits / 8); if(!FLAC__bitreader_skip_byte_block_aligned_no_crc(decoder->private_->input, length)) return false; /* read_callback_ sets the state for us */ |