From: Rémi Denis-Courmont <remi@remlab.net>
Date: Sat, 1 Dec 2018 21:32:18 +0000 (+0200)
Subject: caf: fix integer underflow
X-Git-Tag: archive/raspbian/3.0.11.1-2+rpi1~1^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2~1
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=b4094abe8fb6d4c73a59c907b825aeca8146c556;p=vlc.git

caf: fix integer underflow

Pointed-out-by: Hans Jerry Illikainen <hji@dyntopia.com>
(cherry picked from commit 0cc5ea748ee5ff7705dde61ab15dff8f58be39d0)
Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org>

Gbp-Pq: Name 0004-caf-fix-integer-underflow.patch
---

diff --git a/modules/demux/caf.c b/modules/demux/caf.c
index 7cee1f61..0b5fb318 100644
--- a/modules/demux/caf.c
+++ b/modules/demux/caf.c
@@ -691,14 +691,13 @@ static int ReadKukiChunk( demux_t *p_demux, uint64_t i_size )
     demux_sys_t *p_sys = p_demux->p_sys;
     const uint8_t *p_peek;
 
-    /* vlc_stream_Peek can't handle sizes bigger than INT32_MAX, and also p_sys->fmt.i_extra is of type 'int'*/
-    if( i_size > INT32_MAX )
+    if( i_size > SSIZE_MAX )
     {
         msg_Err( p_demux, "Magic Cookie chunk too big" );
         return VLC_EGENERIC;
     }
 
-    if( (unsigned int)vlc_stream_Peek( p_demux->s, &p_peek, (int)i_size ) < i_size )
+    if( vlc_stream_Peek( p_demux->s, &p_peek, i_size ) < (ssize_t)i_size )
     {
         msg_Err( p_demux, "Couldn't peek extra data" );
         return VLC_EGENERIC;