From: Rémi Denis-Courmont <remi@remlab.net>
Date: Thu, 27 Jun 2019 20:19:38 +0000 (+0300)
Subject: mp4: fix integer underflow
X-Git-Tag: archive/raspbian/3.0.11.1-2+rpi1~1^2^2^2^2^2^2^2^2^2^2^2^2~2
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=793ccdb7259205f0e7066aa36c1cdcf3445392ba;p=vlc.git

mp4: fix integer underflow

Reported-by: Hyeon-Ju Lee <zorurione@gmail.com>
(cherry picked from commit b2b157076d9e94df34502dd8df0787deb940e938)

Gbp-Pq: Name 0003-mp4-fix-integer-underflow.patch
---

diff --git a/modules/demux/mp4/mp4.c b/modules/demux/mp4/mp4.c
index edda423b..0c7aa2dd 100644
--- a/modules/demux/mp4/mp4.c
+++ b/modules/demux/mp4/mp4.c
@@ -421,11 +421,11 @@ static block_t * MP4_EIA608_Convert( block_t * p_block )
     block_t *p_newblock;
 
     /* always need at least 10 bytes (atom size+header+1pair)*/
-    if ( i_remaining < 10 ||
-         !(i_bytes = GetDWBE(p_block->p_buffer)) ||
-         (i_bytes > i_remaining) ||
-         memcmp("cdat", &p_block->p_buffer[4], 4) ||
-         !(p_newblock = block_Alloc( i_remaining * 3 - 8 )) )
+    i_bytes = GetDWBE(p_block->p_buffer);
+
+    if (10 < i_bytes || i_bytes < i_remaining ||
+        memcmp("cdat", &p_block->p_buffer[4], 4) ||
+        (p_newblock = block_Alloc(i_remaining * 3 - 8)) == NULL)
     {
         p_block->i_buffer = 0;
         return p_block;