authorMartijn van Beurden <mvanb1@gmail.com>2022-06-29 09:14:29 +0200
committerMartijn van Beurden <mvanb1@gmail.com>2022-06-29 21:33:12 +0200
commit10c0a5f610446d04c7e2794a0884acb22bb5859f (patch)
tree48456f655950b64184d22ae2ce75b6cc1c115585 /src
parentcee5a1dcd3eb990297f1e5eafbaf2f2cbe48ea57 (diff)
downloadflac-10c0a5f610446d04c7e2794a0884acb22bb5859f.tar.gz
Add INT64_MAX limit to seekpoints
FLAC seekpoints are coded in unsigned 64-bit ints, but the code handling them uses signed 64-bit ints. Since users are unlikely to run into this limit anyway, do not use seekpoints larger than INT64_MAX.
Credit: Oss-Fuzz
Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48112
Diffstat (limited to 'src')
-rw-r--r--src/libFLAC/stream_decoder.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
index 689bd2bb..fe8c451a 100644
--- a/src/libFLAC/stream_decoder.c
+++ b/src/libFLAC/stream_decoder.c
@@ -3283,7 +3283,9 @@ FLAC__bool seek_to_absolute_sample_(FLAC__StreamDecoder *decoder, FLAC__uint64 s
* must be ordered by ascending sample number.
*
* Note: to protect against invalid seek tables we will ignore points
- * that have frame_samples==0 or sample_number>=total_samples
+ * that have frame_samples==0 or sample_number>=total_samples. Also,
+ * because math is limited to 64-bit ints, seekpoints with an offset
+ * larger than 2^63 (8 exbibyte) are rejected.
*/
if(seek_table) {
FLAC__uint64 new_lower_bound = lower_bound;
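Review bot: The third added comment line says seekpoints with an offset "larger than 2^63" are rejected, but the check this commit adds further down compares `stream_offset < (FLAC__uint64)INT64_MAX`, so an offset of exactly 2^63-1 is rejected too; the one-value difference is harmless, but the comment should state the bound the code actually enforces. Suggest `* larger than or equal to INT64_MAX (2^63-1, about 8 exbibytes) are rejected.` The enclosing function seek_to_absolute_sample_ starts before this hunk and continues after it.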
@@ -3312,7 +3314,8 @@ FLAC__bool seek_to_absolute_sample_(FLAC__StreamDecoder *decoder, FLAC__uint64 s
seek_table->points[i].sample_number != FLAC__STREAM_METADATA_SEEKPOINT_PLACEHOLDER &&
seek_table->points[i].frame_samples > 0 && /* defense against bad seekpoints */
(total_samples <= 0 || seek_table->points[i].sample_number < total_samples) && /* defense against bad seekpoints */
- seek_table->points[i].sample_number > target_sample
+ seek_table->points[i].sample_number > target_sample &&
+ seek_table->points[i].stream_offset < (FLAC__uint64)INT64_MAX
)
break;
}
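Review bot: The new `stream_offset < (FLAC__uint64)INT64_MAX` condition is the only clause in this loop without the `/* defense against bad seekpoints */` annotation its two neighbours carry, so the reason for comparing a byte offset against INT64_MAX is explained only in the block comment far above; suggest `seek_table->points[i].stream_offset < (FLAC__uint64)INT64_MAX /* defense against bad seekpoints: offset must fit in a signed 64-bit int */`. The guard is applied only to the upper-bound candidate selected in this loop; if the lower-bound seekpoint search earlier in seek_to_absolute_sample_ (outside the hunk) feeds its stream_offset into the same signed arithmetic, it presumably needs the same bound, which I cannot confirm from this page. seek_to_absolute_sample_ begins before the hunk and continues after it.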