Fixed a potential integer overflow in MemToBlock().

author Laurent Aimar <fenrir@videolan.org>

Thu, 12 Jan 2012 20:31:13 +0000 (21:31 +0100)

committer Laurent Aimar <fenrir@videolan.org>

Thu, 12 Jan 2012 20:46:22 +0000 (21:46 +0100)
author Laurent Aimar <fenrir@videolan.org>
Thu, 12 Jan 2012 20:31:13 +0000 (21:31 +0100)
committer Laurent Aimar <fenrir@videolan.org>
Thu, 12 Jan 2012 20:46:22 +0000 (21:46 +0100)
diff --git a/modules/demux/mkv/mkv.cpp b/modules/demux/mkv/mkv.cpp

index ebbcafa047e65a1131cd1026c27927e8ca20218b..67af69ee4595af869df276326cbe0175e632226c 100644 (file)
--- a/modules/demux/mkv/mkv.cpp
+++ b/modules/demux/mkv/mkv.cpp
@@ -455,6 +455,9 @@ static void Seek( demux_t *p_demux, mtime_t i_date, double f_percent, virtual_ch
  /* Utility function for BlockDecode */
  static block_t *MemToBlock( uint8_t *p_mem, size_t i_mem, size_t offset)
  {
+    if( unlikely( i_mem > SIZE_MAX - offset ) )
+        return NULL;
+
      block_t *p_block = block_New( p_demux, i_mem + offset );
      if( likely(p_block != NULL) )
      {
author	Laurent Aimar <fenrir@videolan.org>
	Thu, 12 Jan 2012 20:31:13 +0000 (21:31 +0100)
committer	Laurent Aimar <fenrir@videolan.org>
	Thu, 12 Jan 2012 20:46:22 +0000 (21:46 +0100)