commit 4b2c33ebf2582cb946c94ff4b603338fb0a33c52
author Martijn van Beurden <mvanb1@gmail.com> Mon Apr 10 08:08:54 2023 +0200
committer GitHub <noreply@github.com> Mon Apr 10 08:08:54 2023 +0200
tree 50a5b500193cd7dad3f4789643e4255b361c3126
parent f191bc3d6c0568c88e6b4a66521881c7af460127

Check for overflow in parsing skip/until specification (#584)

Credit: Oss-Fuzz
Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57259

src/flac/utils.c

diff --git a/src/flac/utils.c b/src/flac/utils.c
index d236dc8..092dfd5 100644
--- a/src/flac/utils.c
+++ b/src/flac/utils.c
@@ -56,8 +56,12 @@
 		return false;
 
 	while('\0' != (c = *s++))
-		if(c >= '0' && c <= '9')
+		if(c >= '0' && c <= '9') {
+			FLAC__uint64 tmp = ret;
 			ret = ret * 10 + (c - '0');
+			if(ret < tmp) /* check for overflow */
+				return false;
+		}
 		else
 			return false;
 
@@ -300,6 +304,8 @@
 
 		if(local__parse_uint64_(s, &val)) {
 			spec->value_is_samples = true;
+			if(val > INT64_MAX)
+				return false;
 			spec->value.samples = (FLAC__int64)val;
 			if(is_negative)
 				spec->value.samples = -(spec->value.samples);