src/inputPlugins · ef0e2fdc1b4d080d7cdf912660eaae8ec9103120 · Иван Мажукин / mpd

mp4: fix potential integer overflow bug in the mp4_decode() function · 79a14c9a

authored Sep 12, 2008

A crafted mp4 file could cause an integer overflow in mp4_decode
function in src/inputPlugins/mp4_plugin.c. mp4ff_num_samples()
function returns some tainted value. sizeof(float) * numSamples is an
integer overflow operation if numSamples is too huge, so xmalloc will
allocate a small memory region. I constructe a mp4 file, and use
faad2 to open the file. mp4ff_num_samples() returns -1. So I think mpd
bears from the same problem.

79a14c9a

Name	Last commit	Last update
..
_flac_common.c		Loading commit data...
_flac_common.h		Loading commit data...
_ogg_common.c		Loading commit data...
_ogg_common.h		Loading commit data...
aac_plugin.c		Loading commit data...
audiofile_plugin.c		Loading commit data...
flac_plugin.c		Loading commit data...
mod_plugin.c		Loading commit data...
mp3_plugin.c		Loading commit data...
mp4_plugin.c		Loading commit data...
mpc_plugin.c		Loading commit data...
oggflac_plugin.c		Loading commit data...
oggvorbis_plugin.c		Loading commit data...
wavpack_plugin.c		Loading commit data...