From eefb7c1638281ff40008ce55ad9ae17b054f1253 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= Date: Mon, 1 Apr 2024 14:36:19 +0300 Subject: [PATCH] wavpackparse: Fix potential integer overflow on ID_ODD_SIZE blocks Part-of: --- .../gst-plugins-good/gst/audioparsers/gstwavpackparse.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/subprojects/gst-plugins-good/gst/audioparsers/gstwavpackparse.c b/subprojects/gst-plugins-good/gst/audioparsers/gstwavpackparse.c index 09d7977acf..c116b7df33 100644 --- a/subprojects/gst-plugins-good/gst/audioparsers/gstwavpackparse.c +++ b/subprojects/gst-plugins-good/gst/audioparsers/gstwavpackparse.c @@ -322,8 +322,11 @@ gst_wavpack_parse_frame_metadata (GstWavpackParse * parse, GstBuffer * buf, size <<= 8; size += c; size <<= 1; - if (id & ID_ODD_SIZE) + if (id & ID_ODD_SIZE) { + if (size == 0) + goto read_failed; size--; + } CHECK (gst_byte_reader_get_data (&br, size + (size & 1), &data)); gst_byte_reader_init (&mbr, data, size);