avformat/aiffdec: fix signed integer overflow
authorPaul B Mahol <onemda@gmail.com>
Wed, 25 Sep 2019 15:36:52 +0000 (17:36 +0200)
committerPaul B Mahol <onemda@gmail.com>
Wed, 25 Sep 2019 15:40:50 +0000 (17:40 +0200)
Fixes #8151

libavformat/aiffdec.c

index 61ef099..a42987c 100644 (file)
@@ -243,7 +243,10 @@ static int aiff_read_header(AVFormatContext *s)
         if (size < 0)
             return size;
 
-        filesize -= size + 8;
+        if (size >= 0x7fffffff - 8)
+            filesize = 0;
+        else
+            filesize -= size + 8;
 
         switch (tag) {
         case MKTAG('C', 'O', 'M', 'M'):     /* Common chunk */