author | Víctor Manuel Jáquez Leal <vjaquez@igalia.com> | 2018-01-10 16:48:07 +0100 |
---|---|---|
committer | Víctor Manuel Jáquez Leal <vjaquez@igalia.com> | 2018-01-10 16:48:07 +0100 |
commit | 2b9712ca2da02e80115dd85b96e3392f9274ad83 (patch) | |
tree | 0853a06e3b420468de46fa8196b05c34843662ec | |
parent | ce3593c0f6999b6ceb77c16360e61973e2a59945 (diff) |
tests: y4mreader: fix incompatible cast
The pointers passed to parse_int() point to unsigned int (32 bits, unsigned) but
they are dereferenced as a wider long (64 bits, signed). This may lead
to memory corruption.
-rw-r--r-- | tests/y4mreader.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/tests/y4mreader.c b/tests/y4mreader.c
index aeb1d808..7dc711b6 100644
--- a/tests/y4mreader.c
+++ b/tests/y4mreader.c
@@ -27,7 +27,7 @@
 * http://wiki.multimedia.cx/index.php?title=YUV4MPEG2 */
 static inline gboolean
-parse_int (const gchar * str, glong * out_value_ptr)
+parse_int (const gchar * str, guint * out_value_ptr)
 {
 gint saved_errno;
 glong value;
@@ -44,7 +44,10 @@ parse_int (const gchar * str, glong * out_value_ptr)
 value = strtol (str, NULL, 0);
 ret = (errno == 0);
 errno = saved_errno;
- *out_value_ptr = value;
+ if (value > 0 && value <= G_MAXUINT)
+ *out_value_ptr = value;
+ else
+ ret = FALSE;
 return ret;
 }
@@ -83,11 +86,11 @@ parse_header (Y4MReader * file)
 if ((header[j] != 0x20) && (header[j - 1] == 0x20)) {
 switch (header[j]) {
 case 'W':
- if (!parse_int ((gchar *) & header[j], (glong *) & file->width))
+ if (!parse_int ((gchar *) & header[j], &file->width))
 return FALSE;
 break;
 case 'H':
- if (!parse_int ((gchar *) & header[j], (glong *) & file->height))
+ if (!parse_int ((gchar *) & header[j], &file->height))
 return FALSE;
 break;
 case 'C':
@@ -108,11 +111,11 @@ parse_header (Y4MReader * file)
 {
 guint num, den;
- if (!parse_int ((gchar *) & header[j], (glong *) & num))
+ if (!parse_int ((gchar *) & header[j], &num))
 return FALSE;
 while ((header[j] != ':') && (j < i))
 j++;
- if (!parse_int ((gchar *) & header[j], (glong *) & den))
+ if (!parse_int ((gchar *) & header[j], &den))
 return FALSE;
 if (num <= 0 || den <= 0) { |
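Review bot: The new bound `value <= G_MAXUINT` in the hunk at `@@ -44,7 +44,10 @@` only guarantees that the result fits in a guint, so the 'W' and 'H' cases in the next hunk still accept a width or height close to 4 billion from the file header. If the reader later multiplies these to size or index a frame buffer (that code is not in this diff), the product can wrap in 32-bit arithmetic; a sanity cap on the dimensions in parse_header, or size arithmetic done in gsize with an overflow check, would close that. The store is also reached when strtol has already reported an error, so I would write `if (ret && value > 0 && value <= G_MAXUINT)` to keep it conditional on a clean parse. parse_int's body starts outside this hunk, so whether errno is reset before the strtol call cannot be confirmed from here.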
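Review bot: The test `if (num <= 0 || den <= 0)` at the end of the hunk at `@@ -108,11 +111,11 @@` can no longer be true after two successful calls, because parse_int now returns FALSE for zero and both operands are guint, where `<= 0` means `== 0`. Either drop the test or write it as `if (num == 0 || den == 0)` with a comment saying it is defensive. Separately, the context line `while ((header[j] != ':') && (j < i))` reads header[j] before it tests the bound; `(j < i) && (header[j] != ':')` keeps the read inside the scanned range, and when no ':' is found parse_int is still called at the position where the scan stopped, which deserves an explicit `return FALSE`. The enclosing block of parse_header continues past the end of the hunk.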