Check for overflow in off_t when parsing chunks

Credit: Oss-Fuzz Issue: https://issues.oss-fuzz.com/issues/42537590
xiph · Dec 27, 2024 · 0a7b294 · 0a7b294
1 parent 7f491ae
commit 0a7b294
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/include/share/compat.h b/include/share/compat.h
@@ -70,7 +70,7 @@
 #define FLAC__OFF_T_MAX LONG_MAX
 #else
 #define FLAC__off_t off_t
-#define FLAC__OFF_T_MAX OFF_T_MAX
+#define FLAC__OFF_T_MAX (sizeof(off_t) == sizeof(int64_t) ? INT64_MAX : sizeof(off_t) == sizeof(int32_t) ? INT32_MAX : -999999)
 #endif
 #endif
 

diff --git a/src/flac/encode.c b/src/flac/encode.c
@@ -2915,6 +2915,9 @@ FLAC__bool fskip_ahead(FILE *f, FLAC__uint64 offset)
 	static uint8_t dump[8192];
 	struct flac_stat_s stb;
 
+	if(offset > (FLAC__uint64)FLAC__OFF_T_MAX)
+		return false;
+
 	if(flac_fstat(fileno(f), &stb) == 0 && (stb.st_mode & S_IFMT) == S_IFREG)
 	{
 		if(fseeko(f, offset, SEEK_CUR) == 0)