authorMartijn van Beurden <mvanb1@gmail.com>2022-08-20 13:28:07 +0200
committerMartijn van Beurden <mvanb1@gmail.com>2022-08-20 16:03:53 +0200
commitc90b3ea3c001785389b2f708621ba1e548276e3e (patch)
tree047ac667541395b8a0f8900bc4f859e3625e2d55
parent5bc582b2c72a5fe401511ee492d1410f4f23ec7e (diff)
downloadflac-c90b3ea3c001785389b2f708621ba1e548276e3e.tar.gz
Fix integer overflow in seeking code
This issue popped up in ci-fuzz, unrelated to the PR itself.
-rw-r--r--src/libFLAC/stream_decoder.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
index c8e3f325..ac96c02f 100644
--- a/src/libFLAC/stream_decoder.c
+++ b/src/libFLAC/stream_decoder.c
@@ -3327,8 +3327,7 @@ FLAC__bool seek_to_absolute_sample_(FLAC__StreamDecoder *decoder, FLAC__uint64 s
seek_table->points[i].sample_number != FLAC__STREAM_METADATA_SEEKPOINT_PLACEHOLDER &&
seek_table->points[i].frame_samples > 0 && /* defense against bad seekpoints */
(total_samples <= 0 || seek_table->points[i].sample_number < total_samples) && /* defense against bad seekpoints */
- seek_table->points[i].sample_number > target_sample &&
- seek_table->points[i].stream_offset < (FLAC__uint64)INT64_MAX
+ seek_table->points[i].sample_number > target_sample
)
break;
}
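Review bot: With the `stream_offset` clause dropped from this condition, a seekpoint whose offset is out of range is no longer skipped the way the other "defense against bad seekpoints" clauses skip bad entries. It is selected as the upper seekpoint, and the new `upper_bound >= INT64_MAX` test in the second hunk then fails the whole seek instead. If `upper_bound` is formed by adding this offset to another unsigned value (that code is outside the hunk), an offset close to the 64-bit maximum could also wrap to a small number and pass the later test. Keeping the filter alongside the new bound check would cover both cases: `seek_table->points[i].stream_offset < (FLAC__uint64)INT64_MAX && /* defense against bad seekpoints */`. The loop and the rest of `seek_to_absolute_sample_` start and end outside the hunk.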
@@ -3366,7 +3365,9 @@ FLAC__bool seek_to_absolute_sample_(FLAC__StreamDecoder *decoder, FLAC__uint64 s
decoder->protected_->state == FLAC__STREAM_DECODER_ABORTED)
return false;
/* check if the bounds are still ok */
- if (lower_bound_sample >= upper_bound_sample || lower_bound > upper_bound) {
+ if (lower_bound_sample >= upper_bound_sample ||
+ lower_bound > upper_bound ||
+ upper_bound >= INT64_MAX) {
decoder->protected_->state = FLAC__STREAM_DECODER_SEEK_ERROR;
return false;
}
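Review bot: The added `upper_bound >= INT64_MAX` clause compares against a signed constant without the `(FLAC__uint64)` cast that the line removed in the first hunk used, and nothing states why this limit applies. Assuming `upper_bound` is a `FLAC__uint64` (its declaration is outside the hunk), I would write `upper_bound >= (FLAC__uint64)INT64_MAX) {` and extend the comment above to `/* check if the bounds are still ok; upper_bound must stay below INT64_MAX so later offset arithmetic cannot overflow */`. The reason given in that comment is inferred from the commit title, so adjust it to the computation actually being protected. A regression test with a seek table that carries an oversized `stream_offset` would keep the fuzzer finding covered.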