Commit 730a93d4 authored by Laurent Aimar's avatar Laurent Aimar

Fixed potential invalid reads.

parent 113f18e9
...@@ -678,17 +678,17 @@ static void ParsePicture( demux_t *p_demux, const uint8_t *p_data, int i_data ) ...@@ -678,17 +678,17 @@ static void ParsePicture( demux_t *p_demux, const uint8_t *p_data, int i_data )
i_type = GetDWBE( p_data ); RM(4); i_type = GetDWBE( p_data ); RM(4);
i_len = GetDWBE( p_data ); RM(4); i_len = GetDWBE( p_data ); RM(4);
if( i_data < i_len + 4 ) if( i_len < 0 || i_data < i_len + 4 )
goto error; goto error;
psz_mime = strndup( p_data, i_len ); RM(i_len); psz_mime = strndup( p_data, i_len ); RM(i_len);
i_len = GetDWBE( p_data ); RM(4); i_len = GetDWBE( p_data ); RM(4);
if( i_data < i_len + 4*4 + 4) if( i_len < 0 || i_data < i_len + 4*4 + 4)
goto error; goto error;
psz_description = strndup( p_data, i_len ); RM(i_len); psz_description = strndup( p_data, i_len ); RM(i_len);
EnsureUTF8( psz_description ); EnsureUTF8( psz_description );
RM(4*4); RM(4*4);
i_len = GetDWBE( p_data ); RM(4); i_len = GetDWBE( p_data ); RM(4);
if( i_len > i_data ) if( i_len < 0 || i_len > i_data )
goto error; goto error;
msg_Dbg( p_demux, "FLAC: Picture type=%d mime=%s description='%s' file length=%d", msg_Dbg( p_demux, "FLAC: Picture type=%d mime=%s description='%s' file length=%d",
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment