libFLAC/stream_decoder.c: fix integer overflow on corrupt file

Corrupt metadata could make the length calculation overflow.
author: Hakan Kvist <hakan.kvist@sony.com> 2019-10-22 20:44:58 +0200
committer: Erik de Castro Lopo <erikd@mega-nerd.com> 2019-10-24 06:57:47 +1100
commit: b84ff55b032def9e38277f5efd249f4930a3dae1 (patch)
tree: 96c7fec5ae80d76cb2048a4a8934f066314bdcdc
parent: 25305d685b52979295064a9b566e697372a9878a (diff)
download: flac-b84ff55b032def9e38277f5efd249f4930a3dae1.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
index 5b96086c..7034cce6 100644
--- a/src/libFLAC/stream_decoder.c
+++ b/src/libFLAC/stream_decoder.c
@@ -1628,6 +1628,8 @@ FLAC__bool read_metadata_streaminfo_(FLAC__StreamDecoder *decoder, FLAC__bool is
 
 	/* skip the rest of the block */
 	FLAC__ASSERT(used_bits % 8 == 0);
+	if (length < (used_bits / 8))
+		return false; /* read_callback_ sets the state for us */
 	length -= (used_bits / 8);
 	if(!FLAC__bitreader_skip_byte_block_aligned_no_crc(decoder->private_->input, length))
 		return false; /* read_callback_ sets the state for us */
author	Hakan Kvist <hakan.kvist@sony.com>	2019-10-22 20:44:58 +0200
committer	Erik de Castro Lopo <erikd@mega-nerd.com>	2019-10-24 06:57:47 +1100
commit	b84ff55b032def9e38277f5efd249f4930a3dae1 (patch)
tree	96c7fec5ae80d76cb2048a4a8934f066314bdcdc
parent	25305d685b52979295064a9b566e697372a9878a (diff)
download	flac-b84ff55b032def9e38277f5efd249f4930a3dae1.tar.gz