Skip to content

Commit 36a24c7

Browse files
committed
issue #28, do not overwrite heap on corrupt DSDIFF file
1 parent d5bf76b commit 36a24c7

File tree

1 file changed

+11
-1
lines changed

1 file changed

+11
-1
lines changed

Diff for: cli/dsdiff.c

+11-1
Original file line numberDiff line numberDiff line change
@@ -153,7 +153,17 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
153153
error_line ("dsdiff file version = 0x%08x", version);
154154
}
155155
else if (!strncmp (dff_chunk_header.ckID, "PROP", 4)) {
156-
char *prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize);
156+
char *prop_chunk;
157+
158+
if (dff_chunk_header.ckDataSize < 4 || dff_chunk_header.ckDataSize > 1024) {
159+
error_line ("%s is not a valid .DFF file!", infilename);
160+
return WAVPACK_SOFT_ERROR;
161+
}
162+
163+
if (debug_logging_mode)
164+
error_line ("got PROP chunk of %d bytes total", (int) dff_chunk_header.ckDataSize);
165+
166+
prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize);
157167

158168
if (!DoReadFile (infile, prop_chunk, (uint32_t) dff_chunk_header.ckDataSize, &bcount) ||
159169
bcount != dff_chunk_header.ckDataSize) {

0 commit comments

Comments
 (0)