author | Martijn van Beurden <mvanb1@gmail.com> | 2023-05-08 17:04:59 +0200 |
---|---|---|
committer | Martijn van Beurden <mvanb1@gmail.com> | 2023-05-08 19:39:08 +0200 |
commit | 22fffdceb86f019a57d5122aeaac2829812d0b54 (patch) | |
tree | 5680c4e779bb33adbc22d894e3d0b6015fcaee3f | |
parent | afad04f0a91e9c06f89eacfae496356a16762358 (diff) | |
download | flac-22fffdceb86f019a57d5122aeaac2829812d0b54.tar.gz |
Check for overflow when multiplying skip samples with sample size
Credit: Oss-Fuzz
Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58606
-rw-r--r-- | include/share/compat.h | 4 | ||||
-rw-r--r-- | src/flac/encode.c | 10 |
2 files changed, 14 insertions, 0 deletions
diff --git a/include/share/compat.h b/include/share/compat.h
index 7a865153..5ef5524a 100644
--- a/include/share/compat.h
+++ b/include/share/compat.h
@@ -52,6 +52,7 @@
 #if defined _MSC_VER || defined __BORLANDC__ || defined __MINGW32__
 #include <sys/types.h> /* for off_t */
 #define FLAC__off_t __int64 /* use this instead of off_t to fix the 2 GB limit */
+#define FLAC__OFF_T_MAX INT64_MAX
 #if !defined __MINGW32__
 #define fseeko _fseeki64
 #define ftello _ftelli64
@@ -63,8 +64,11 @@
 #endif
 #else
 #define FLAC__off_t off_t
+#define FLAC__OFF_T_MAX OFF_T_MAX
 #endif
 
+
+
 #ifdef HAVE_INTTYPES_H
 #define __STDC_FORMAT_MACROS
 #include <inttypes.h>
diff --git a/src/flac/encode.c b/src/flac/encode.c
index c6755817..b8f5207a 100644
--- a/src/flac/encode.c
+++ b/src/flac/encode.c
@@ -1038,6 +1038,11 @@ int flac__encode_file(FILE *infile, FLAC__off_t infilesize, const char *infilena
 /* adjust encoding parameters based on skip and until values */
 switch(options.format) {
 case FORMAT_RAW:
+ FLAC__ASSERT(sizeof(FLAC__off_t) == 8);
+ if(skip >= INT64_MAX / encoder_session.info.bytes_per_wide_sample) {
+ flac__utils_printf(stderr, 1, "%s: ERROR: value of --skip is too large\n", encoder_session.inbasefilename, encoder_session.info.bits_per_sample-encoder_session.info.shift);
+ return EncoderSession_finish_error(&encoder_session);
+ }
 infilesize -= (FLAC__off_t)skip * encoder_session.info.bytes_per_wide_sample;
 encoder_session.total_samples_to_encode = total_samples_in_input - skip;
 break;
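Review bot: `OFF_T_MAX` on the non-Windows branch (second compat.h hunk) is, as far as I know, not defined by ISO C or POSIX, so `FLAC__OFF_T_MAX` would expand to an undeclared identifier on most Unix toolchains the first time it is used. Nothing in the visible hunks uses the macro yet, since the encode.c guards compare against `INT64_MAX` directly, which is probably why this still builds. Deriving the limit from the width of `off_t` would be safer than relying on a platform macro. Both definitions would benefit from a comment such as `/* largest value representable in FLAC__off_t */`. The two blank lines added after `#endif` look unintentional.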
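Review bot: The overflow guard under `case FORMAT_RAW:` is bounded by `INT64_MAX` and leans on `FLAC__ASSERT(sizeof(FLAC__off_t) == 8)` to make that bound right. If FLAC__ASSERT is compiled out in release builds, as assert-style macros usually are, a build with a narrower off_t would still overflow in `(FLAC__off_t)skip * ...`. Bounding by the `FLAC__OFF_T_MAX` this commit introduces, or making the size check compile-time, would tie the test to the type actually used. The `flac__utils_printf` call also passes two arguments for a format string with a single `%s`; the trailing `encoder_session.info.bits_per_sample-encoder_session.info.shift` looks like a copy-paste leftover and should be dropped, here and in the second encode.c hunk. Whether `bytes_per_wide_sample` can be zero at this point is not visible, because flac__encode_file starts and ends outside the hunk; if it can, the division needs its own guard.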
@@ -1046,6 +1051,11 @@ int flac__encode_file(FILE *infile, FLAC__off_t infilesize, const char *infilena
 case FORMAT_RF64:
 case FORMAT_AIFF:
 case FORMAT_AIFF_C:
+ FLAC__ASSERT(sizeof(FLAC__off_t) == 8);
+ if(skip >= INT64_MAX / encoder_session.info.bytes_per_wide_sample) {
+ flac__utils_printf(stderr, 1, "%s: ERROR: value of --skip is too large\n", encoder_session.inbasefilename, encoder_session.info.bits_per_sample-encoder_session.info.shift);
+ return EncoderSession_finish_error(&encoder_session);
+ }
 encoder_session.fmt.iff.data_bytes -= skip * encoder_session.info.bytes_per_wide_sample;
 if(options.ignore_chunk_sizes) {
 encoder_session.total_samples_to_encode = 0; |
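Review bot: In the `FORMAT_RF64`/`FORMAT_AIFF`/`FORMAT_AIFF_C` branch the new guard bounds only the multiplication, so `encoder_session.fmt.iff.data_bytes -= skip * ...` can still wrap when the product exceeds `data_bytes`; no comparison against `data_bytes` is visible in this hunk. If an earlier check already limits `skip` to the samples present in the input, a short comment above the subtraction saying so would make that dependency explicit; otherwise the product should be rejected when it is larger than `data_bytes`. The product here is not cast to `FLAC__off_t`, so the `FLAC__ASSERT(sizeof(FLAC__off_t) == 8)` line says nothing about the type this subtraction is done in, which the hunk does not show. The five-line guard is a verbatim copy of the one under `FORMAT_RAW` and would read better as one small static helper called from both cases.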