Skip to content

Commit

Permalink
ogt_vox: added check for buffer and chunk size overflow
Browse files Browse the repository at this point in the history
dougbinks authored and jpaver committed Jun 11, 2023
1 parent fca5bc9 commit c539718
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions src/ogt_vox.h
Original file line number Diff line number Diff line change
@@ -2584,6 +2584,13 @@
_vox_file_write_uint32_at_offset(fp, offset_of_chunk_header + 4, &chunk_size);
}

// check that the buffer is not larger than the maximum file size, return nothing if would overflow
if( fp->data.count > UINT32_MAX || (fp->data.count - offset_post_main_chunk ) > UINT32_MAX )
{
*buffer_size = 0;
return NULL; // note: fp will be freed in dtor on exit
}

// we deliberately don't free the fp->data field, just pass the buffer pointer and size out to the caller
*buffer_size = (uint32_t)fp->data.count;
uint8_t* buffer_data = _vox_file_get_data(fp);

0 comments on commit c539718

Please sign in to comment.