Check for overflow in parsing skip/until specification (#584)
Credit: Oss-Fuzz
Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57259
diff --git a/src/flac/utils.c b/src/flac/utils.c
index d236dc8..092dfd5 100644
--- a/src/flac/utils.c
+++ b/src/flac/utils.c
@@ -56,8 +56,12 @@
return false;
while('\0' != (c = *s++))
- if(c >= '0' && c <= '9')
+ if(c >= '0' && c <= '9') {
+ FLAC__uint64 tmp = ret;
ret = ret * 10 + (c - '0');
+ if(ret < tmp) /* check for overflow */
+ return false;
+ }
else
return false;
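Review bot: The added `if(ret < tmp)` test after `ret = ret * 10 + (c - '0');` does not catch every wraparound: multiplying by 10 modulo 2^64 can produce a value that is still greater than or equal to the previous `ret`, so some over-long digit strings are accepted with a wrapped result. Checking before the arithmetic is exact, for example `if(ret > (UINT64_MAX - (FLAC__uint64)(c - '0')) / 10) return false;` placed ahead of the multiply. `UINT64_MAX` is presumably available because the second hunk already uses `INT64_MAX`. The enclosing function starts and ends outside this hunk, so any other early-return conventions there are not visible.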
@@ -300,6 +304,8 @@
if(local__parse_uint64_(s, &val)) {
spec->value_is_samples = true;
+ if(val > INT64_MAX)
+ return false;
spec->value.samples = (FLAC__int64)val;
if(is_negative)
spec->value.samples = -(spec->value.samples);
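Review bot: The new `if(val > INT64_MAX) return false;` runs after `spec->value_is_samples = true;`, so on the rejection path `spec` is left half-updated, with the flag set but `value.samples` not written. Moving the range check to be the first statement inside `if(local__parse_uint64_(s, &val)) {` keeps the failure path free of side effects. Whether any caller reads `spec` after a false return is not visible here, since the function continues outside the hunk. A short comment such as `/* reject values that do not fit in FLAC__int64 before the cast and negation */` would also record why the bound is `INT64_MAX`.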