Commit ab0f2968 authored by Hubert Figuiere's avatar Hubert Figuiere
Browse files

2.4.x: Bug 102151 - RIFF: fix an infinite loop cause by an overflow

parent fe2b070c
......@@ -173,7 +173,8 @@ Chunk::Chunk( ContainerChunk* parent, RIFF_MetaHandler* handler, bool skip, Chun
this->oldPos = file->Offset();
this->id = XIO::ReadUns32_LE( file );
this->oldSize = XIO::ReadUns32_LE( file ) + 8;
this->oldSize = XIO::ReadUns32_LE( file );
this->oldSize += 8;
// Make sure the size is within expected bounds.
XMP_Int64 chunkEnd = this->oldPos + this->oldSize;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment