dcraw.cc: parse_qt: possible integer overflow

2025-04-17 16:54:06 +08:00 · 2025-04-17 16:54:06 +08:00 · 137be1f5e4
commit 137be1f5e4
parent c466177ccf
1 changed files with 2 additions and 0 deletions
--- a/rtengine/dcraw.cc
+++ b/rtengine/dcraw.cc
@ -7842,6 +7842,8 @@ void CLASS parse_qt (int end)
  while (ftell(ifp)+7 < end) {
    save = ftell(ifp);
    if ((size = get4()) < 8) return;
+    if ((int)size < 0) return; // 2+GB is too much
+    if (save + size < save) return; // 32bit overflow
    fread (tag, 4, 1, ifp);
    if (!memcmp(tag,"moov",4) ||
 	!memcmp(tag,"udta",4) ||