liz/rawTherapee
liz/rawTherapee
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

dcraw.cc: parse_qt: possible integer overflow

Browse Source
This commit is contained in:
npt-1707 2025-04-17 16:54:06 +08:00
parent c466177ccf
commit 137be1f5e4
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rtengine/dcraw.cc
View File

@ -7842,6 +7842,8 @@ void CLASS parse_qt (int end)
while (ftell(ifp)+7 < end) { while (ftell(ifp)+7 < end) {
save = ftell(ifp); save = ftell(ifp);
if ((size = get4()) < 8) return; if ((size = get4()) < 8) return;
if ((int)size < 0) return; // 2+GB is too much
if (save + size < save) return; // 32bit overflow
fread (tag, 4, 1, ifp); fread (tag, 4, 1, ifp);
if (!memcmp(tag,"moov",4) || if (!memcmp(tag,"moov",4) ||
!memcmp(tag,"udta",4) || !memcmp(tag,"udta",4) ||