• Filip Roséen's avatar
    demux/aiff: integer-overflow leads to infinite loop · 6a08e8e3
    Filip Roséen authored
    Given that the previous implementation stored the size of the current
    chunk-payload in an uint32_t, it would potentially overflow when
    adding the size of the chunk header and conditional padding.
    
    These changes fixes the previously described by storing the
    chunk-total size in a larger integer type, as well as making sure that
    we do not pass a too big of a value to vlc_stream_Read (that would
    cause problems on 32bit platforms).
    
    Fixes #17562
    Signed-off-by: Jean-Baptiste Kempf's avatarJean-Baptiste Kempf <jb@videolan.org>
    6a08e8e3
aiff.c 10.6 KB