diff --git a/NEWS b/NEWS index 311667f58..08057a86e 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,8 @@ ver 0.15.5 (2009/??/??) * input: - curl: don't abort if a packet has only metadata +* tags: + - riff, aiff: fixed "limited range" gcc warning * decoder_thread: change the fallback decoder name to "mad" diff --git a/src/aiff.c b/src/aiff.c index f77e86d2b..d4bec628b 100644 --- a/src/aiff.c +++ b/src/aiff.c @@ -84,6 +84,11 @@ aiff_seek_id3(FILE *file) return 0; size = GUINT32_FROM_BE(chunk.size); + if (size > G_MAXINT32) + /* too dangerous, bail out: possible integer + underflow when casting to off_t */ + return 0; + if (size % 2 != 0) /* pad byte */ ++size; @@ -92,11 +97,6 @@ aiff_seek_id3(FILE *file) /* found it! */ return size; - if ((off_t)size < 0) - /* integer underflow after cast to signed - type */ - return 0; - ret = fseek(file, size, SEEK_CUR); if (ret != 0) return 0; diff --git a/src/riff.c b/src/riff.c index 7227fd3c8..a8ea9dd42 100644 --- a/src/riff.c +++ b/src/riff.c @@ -83,6 +83,11 @@ riff_seek_id3(FILE *file) return 0; size = GUINT32_FROM_LE(chunk.size); + if (size > G_MAXINT32) + /* too dangerous, bail out: possible integer + underflow when casting to off_t */ + return 0; + if (size % 2 != 0) /* pad byte */ ++size; @@ -91,11 +96,6 @@ riff_seek_id3(FILE *file) /* found it! */ return size; - if ((off_t)size < 0) - /* integer underflow after cast to signed - type */ - return 0; - ret = fseek(file, size, SEEK_CUR); if (ret != 0) return 0;