From e2e66404d5fa8f3fcc0581abdf6d2ccc9790954e Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Fri, 30 Jan 2015 23:22:49 +0100 Subject: decoder/DsdLib: fix integer overflow in ID3 size calculation --- src/decoder/plugins/DsdLib.cxx | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'src/decoder/plugins') diff --git a/src/decoder/plugins/DsdLib.cxx b/src/decoder/plugins/DsdLib.cxx index de1ce0655..11500b654 100644 --- a/src/decoder/plugins/DsdLib.cxx +++ b/src/decoder/plugins/DsdLib.cxx @@ -117,13 +117,15 @@ dsdlib_tag_id3(InputStream &is, if (tagoffset >= size) return; - const id3_length_t count = size - tagoffset; - if (count < 10 || count > 1024 * 1024) + const auto count64 = size - tagoffset; + if (count64 < 10 || count64 > 1024 * 1024) return; if (!dsdlib_skip_to(nullptr, is, tagoffset)) return; + const id3_length_t count = count64; + id3_byte_t *const id3_buf = new id3_byte_t[count]; if (id3_buf == nullptr) return; -- cgit v1.2.3