Check for overflow when multiplying skip samples with sample size

Credit: Oss-Fuzz
Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58606
This commit is contained in:
Martijn van Beurden 2023-05-08 17:04:59 +02:00
parent afad04f0a9
commit 22fffdceb8
2 changed files with 14 additions and 0 deletions

View File

@ -52,6 +52,7 @@
#if defined _MSC_VER || defined __BORLANDC__ || defined __MINGW32__ #if defined _MSC_VER || defined __BORLANDC__ || defined __MINGW32__
#include <sys/types.h> /* for off_t */ #include <sys/types.h> /* for off_t */
#define FLAC__off_t __int64 /* use this instead of off_t to fix the 2 GB limit */ #define FLAC__off_t __int64 /* use this instead of off_t to fix the 2 GB limit */
#define FLAC__OFF_T_MAX INT64_MAX
#if !defined __MINGW32__ #if !defined __MINGW32__
#define fseeko _fseeki64 #define fseeko _fseeki64
#define ftello _ftelli64 #define ftello _ftelli64
@ -63,8 +64,11 @@
#endif #endif
#else #else
#define FLAC__off_t off_t #define FLAC__off_t off_t
#define FLAC__OFF_T_MAX OFF_T_MAX
#endif #endif
#ifdef HAVE_INTTYPES_H #ifdef HAVE_INTTYPES_H
#define __STDC_FORMAT_MACROS #define __STDC_FORMAT_MACROS
#include <inttypes.h> #include <inttypes.h>

View File

@ -1038,6 +1038,11 @@ int flac__encode_file(FILE *infile, FLAC__off_t infilesize, const char *infilena
/* adjust encoding parameters based on skip and until values */ /* adjust encoding parameters based on skip and until values */
switch(options.format) { switch(options.format) {
case FORMAT_RAW: case FORMAT_RAW:
FLAC__ASSERT(sizeof(FLAC__off_t) == 8);
if(skip >= INT64_MAX / encoder_session.info.bytes_per_wide_sample) {
flac__utils_printf(stderr, 1, "%s: ERROR: value of --skip is too large\n", encoder_session.inbasefilename, encoder_session.info.bits_per_sample-encoder_session.info.shift);
return EncoderSession_finish_error(&encoder_session);
}
infilesize -= (FLAC__off_t)skip * encoder_session.info.bytes_per_wide_sample; infilesize -= (FLAC__off_t)skip * encoder_session.info.bytes_per_wide_sample;
encoder_session.total_samples_to_encode = total_samples_in_input - skip; encoder_session.total_samples_to_encode = total_samples_in_input - skip;
break; break;
@ -1046,6 +1051,11 @@ int flac__encode_file(FILE *infile, FLAC__off_t infilesize, const char *infilena
case FORMAT_RF64: case FORMAT_RF64:
case FORMAT_AIFF: case FORMAT_AIFF:
case FORMAT_AIFF_C: case FORMAT_AIFF_C:
FLAC__ASSERT(sizeof(FLAC__off_t) == 8);
if(skip >= INT64_MAX / encoder_session.info.bytes_per_wide_sample) {
flac__utils_printf(stderr, 1, "%s: ERROR: value of --skip is too large\n", encoder_session.inbasefilename, encoder_session.info.bits_per_sample-encoder_session.info.shift);
return EncoderSession_finish_error(&encoder_session);
}
encoder_session.fmt.iff.data_bytes -= skip * encoder_session.info.bytes_per_wide_sample; encoder_session.fmt.iff.data_bytes -= skip * encoder_session.info.bytes_per_wide_sample;
if(options.ignore_chunk_sizes) { if(options.ignore_chunk_sizes) {
encoder_session.total_samples_to_encode = 0; encoder_session.total_samples_to_encode = 0;