libaacs | branch: master | npzacs <npz...@gmail.com> | Wed May  6 14:19:04 2015 
+0300| [cceaba446c7bc6653cdc82892a7f6ef7a07d69ec] | committer: npzacs

Fix possible integer overflow

> http://git.videolan.org/gitweb.cgi/libaacs.git/?a=commit;h=cceaba446c7bc6653cdc82892a7f6ef7a07d69ec
---

 src/libaacs/aacs.c |   10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/libaacs/aacs.c b/src/libaacs/aacs.c
index d5ea398..fdd9b00 100644
--- a/src/libaacs/aacs.c
+++ b/src/libaacs/aacs.c
@@ -404,6 +404,7 @@ static size_t _read_file(AACS *aacs, const char *file, void 
**data)
 {
     AACS_FILE_H *fp = NULL;
     int64_t f_size;
+    size_t size;
 
     *data = NULL;
 
@@ -414,13 +415,14 @@ static size_t _read_file(AACS *aacs, const char *file, 
void **data)
     }
 
     f_size = file_size(fp);
-    if (f_size <= 0) {
-        BD_DEBUG(DBG_AACS | DBG_CRIT, "Invalid size %"PRId64" for %s\n", file);
+    size = f_size;
+    if (f_size <= 0 || f_size != (int64_t)size) {
+        BD_DEBUG(DBG_AACS | DBG_CRIT, "Invalid size %"PRId64" for %s\n", 
f_size, file);
         file_close(fp);
         return 0;
     }
 
-    *data = malloc(f_size);
+    *data = malloc(size);
     if (*data) {
         if (file_read(fp, *data, f_size) != f_size) {
             BD_DEBUG(DBG_AACS | DBG_CRIT, "Failed reading %s\n", file);
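Review bot: The new guard `if (f_size <= 0 || f_size != (int64_t)size)` rejects sizes that do not round-trip through size_t, but it still sets no upper bound, so on a 64-bit build any positive value returned by file_size() goes straight to `malloc(size)`. If the files read here can come from untrusted media (not visible in this hunk), add a sanity cap to the same condition, e.g. `f_size > MAX_READ_SIZE`, where MAX_READ_SIZE is a placeholder for a limit the project would choose. The later `file_read(fp, *data, f_size) != f_size` still passes the int64_t value; that is safe after the check, but a short comment such as `/* f_size == size, verified above */` would make the invariant explicit. The body of _read_file starts and ends outside this hunk, so the malloc-failure path could not be checked.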
@@ -432,7 +434,7 @@ static size_t _read_file(AACS *aacs, const char *file, void 
**data)
 
     file_close(fp);
 
-    return *data ? f_size : 0;
+    return *data ? size : 0;
 }
 
 static MKB *_mkb_open(AACS *aacs)
