Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
V
vlc
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Redmine
Redmine
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Metrics
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
videolan
vlc
Commits
707f2169
Commit
707f2169
authored
Aug 31, 2015
by
Rémi Denis-Courmont
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
update: fix integer overflow with signature file size
parent
145b0573
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
10 additions
and
4 deletions
+10
-4
src/misc/update_crypto.c
src/misc/update_crypto.c
+10
-4
No files found.
src/misc/update_crypto.c
View file @
707f2169
...
...
@@ -38,6 +38,7 @@
#include <gcrypt.h>
#include <assert.h>
#include <limits.h>
#include "vlc_common.h"
#include <vlc_stream.h>
...
...
@@ -941,8 +942,8 @@ public_key_t *download_key( vlc_object_t *p_this,
if
(
!
p_stream
)
return
NULL
;
int64_t
i_size
=
stream_Size
(
p_stream
)
;
if
(
i_size
<
0
)
uint64_t
i_size
;
if
(
stream_GetSize
(
p_stream
,
&
i_size
)
||
i_size
>
INT_MAX
)
{
stream_Delete
(
p_stream
);
return
NULL
;
...
...
@@ -1008,9 +1009,14 @@ int download_signature( vlc_object_t *p_this, signature_packet_t *p_sig,
if
(
!
p_stream
)
return
VLC_ENOMEM
;
int64_t
i_size
=
stream_Size
(
p_stream
);
uint64_t
i_size
;
if
(
stream_GetSize
(
p_stream
,
&
i_size
)
||
i_size
>
INT_MAX
)
{
stream_Delete
(
p_stream
);
return
NULL
;
}
msg_Dbg
(
p_this
,
"Downloading signature (%"
PRI
d
64
" bytes)"
,
i_size
);
msg_Dbg
(
p_this
,
"Downloading signature (%"
PRI
u
64
" bytes)"
,
i_size
);
uint8_t
*
p_buf
=
(
uint8_t
*
)
malloc
(
i_size
);
if
(
!
p_buf
)
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment