Skip to content
Permalink
Browse files Browse the repository at this point in the history
parse_qt: possible integer overflow
  • Loading branch information
alextutubalin committed Jun 11, 2018
1 parent b90e0d4 commit 1334647
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 0 deletions.
2 changes: 2 additions & 0 deletions dcraw/dcraw.c
Expand Up @@ -13593,6 +13593,8 @@ void CLASS parse_qt (int end)
while (ftell(ifp)+7 < end) {
save = ftell(ifp);
if ((size = get4()) < 8) return;
if ((int)size < 0) return; // 2+GB is too much
if (save + size < save) return; // 32bit overflow
fread (tag, 4, 1, ifp);
if (!memcmp(tag,"moov",4) ||
!memcmp(tag,"udta",4) ||
Expand Down
2 changes: 2 additions & 0 deletions internal/dcraw_common.cpp
Expand Up @@ -12395,6 +12395,8 @@ void CLASS parse_qt (int end)
while (ftell(ifp)+7 < end) {
save = ftell(ifp);
if ((size = get4()) < 8) return;
if ((int)size < 0) return; // 2+GB is too much
if (save + size < save) return; // 32bit overflow
fread (tag, 4, 1, ifp);
if (!memcmp(tag,"moov",4) ||
!memcmp(tag,"udta",4) ||
Expand Down

0 comments on commit 1334647

Please sign in to comment.