Add INT64_MAX limit to seekpoints
FLAC seekpoints are coded as unsigned 64-bit ints, but the code handling them uses signed 64-bit ints. Since users are unlikely to run into this limit anyway, do not use seekpoints larger than INT64_MAX.
Credit: Oss-Fuzz
Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48112
parent
cee5a1dcd3
commit
10c0a5f610
@ -3283,7 +3283,9 @@ FLAC__bool seek_to_absolute_sample_(FLAC__StreamDecoder *decoder, FLAC__uint64 s
|
||||
* must be ordered by ascending sample number.
|
||||
*
|
||||
* Note: to protect against invalid seek tables we will ignore points
|
||||
* that have frame_samples==0 or sample_number>=total_samples
|
||||
* that have frame_samples==0 or sample_number>=total_samples. Also,
|
||||
* because math is limited to 64-bit ints, seekpoints with an offset
|
||||
* larger than 2^63 (8 exbibyte) are rejected.
|
||||
*/
|
||||
if(seek_table) {
|
||||
FLAC__uint64 new_lower_bound = lower_bound;
|
||||
@ -3312,7 +3314,8 @@ FLAC__bool seek_to_absolute_sample_(FLAC__StreamDecoder *decoder, FLAC__uint64 s
|
||||
seek_table->points[i].sample_number != FLAC__STREAM_METADATA_SEEKPOINT_PLACEHOLDER &&
|
||||
seek_table->points[i].frame_samples > 0 && /* defense against bad seekpoints */
|
||||
(total_samples <= 0 || seek_table->points[i].sample_number < total_samples) && /* defense against bad seekpoints */
|
||||
seek_table->points[i].sample_number > target_sample
|
||||
seek_table->points[i].sample_number > target_sample &&
|
||||
seek_table->points[i].stream_offset < (FLAC__uint64)INT64_MAX
|
||||
)
|
||||
break;
|
||||
}
|
||||
|
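Review bot: The updated comment and the new check disagree on the limit: `seek_table->points[i].stream_offset < (FLAC__uint64)INT64_MAX` skips every offset of 2^63-1 and above, while the comment says offsets "larger than 2^63" are rejected, and "rejected" reads like a seek failure when the point is only skipped. I would word the comment line as `* seekpoints with a stream offset >= INT64_MAX (2^63-1) are ignored.` The bound is visible only in the search for the first point with `sample_number > target_sample`; the rest of seek_to_absolute_sample_, including any other search over the same table, lies outside these hunks, so confirm that every place reading `stream_offset` from this untrusted metadata applies the same bound. If the offset is later added to a base file offset, the sum can still exceed INT64_MAX even when the offset alone is below it, so a range check on the sum would be worth adding at that point.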