[xine-cvs] HG: xine-lib: check for negative/too large return values of get_size when demuxing mod streams

[Thomas V. <tv...@be...>]

# HG changeset patch
# User Thomas Viehmann <tv...@be...>
# Date 1230770715 -3600
# Node ID 9f367688cc08e9cf9e5a2a9b48869eb80c5effec
# Parent  65f524e1462381f6489b376e20ad605bea83ce57
check for negative/too large return values of get_size when demuxing mod streams
get_size might return -1 (e.g. for streams whose size is unknown),
but demux_mod is not able to handle this.
This is particularly bad because it is later assigned to unsigned types
(demux_mod_t.filesize is size_t).
Based on a patch by Matthias Hopf <mh...@su...>.

diff -r 9f367688cc08e9cf9e5a2a9b48869eb80c5effec -r 65f524e1462381f6489b376e20ad605bea83ce57 src/demuxers/demux_mod.c
--- a/src/demuxers/demux_mod.c	Thu Jan 01 01:45:15 2009 +0100
+++ b/src/demuxers/demux_mod.c	Wed Dec 31 22:47:32 2008 +0100
@@ -130,9 +130,16 @@ static int probe_mod_file(demux_mod_t *t
 /* returns 1 if the MOD file was opened successfully, 0 otherwise */
 static int open_mod_file(demux_mod_t *this) {
   int total_read;
+  off_t input_length;
   
   /* Get size and create buffer */
-  this->filesize = this->input->get_length(this->input);
+  input_length = this->input->get_length(this->input);
+  /* Avoid potential issues with signed variables and e.g. read() returning -1 */
+  if (input_length > 0x7FFFFFFF || input_length < 0) {
+    xine_log(this->stream->xine, XINE_LOG_PLUGIN, "modplug - size overflow\n");
+    return 0;
+  }
+  this->filesize = input_length; 
   this->buffer = (char *)malloc(this->filesize);
   if(!this->buffer) {
     xine_log(this->stream->xine, XINE_LOG_PLUGIN, "modplug - allocation failure\n");