Check for overflow in off_t when parsing chunks (#781)

ktmf01 · web-flow · commit a8adc6c04431 · 2024-12-27T12:03:31.000+01:00
Credit: Oss-Fuzz Issue: https://issues.oss-fuzz.com/issues/42537590
diff --git a/include/share/compat.h b/include/share/compat.h
@@ -70,7 +70,7 @@
 #define FLAC__OFF_T_MAX LONG_MAX
 #else
 #define FLAC__off_t off_t
-#define FLAC__OFF_T_MAX OFF_T_MAX
+#define FLAC__OFF_T_MAX (sizeof(off_t) == sizeof(int64_t) ? INT64_MAX : sizeof(off_t) == sizeof(int32_t) ? INT32_MAX : -999999)
 #endif
 #endif
 
diff --git a/src/flac/encode.c b/src/flac/encode.c
@@ -2915,6 +2915,9 @@ FLAC__bool fskip_ahead(FILE *f, FLAC__uint64 offset)
 	static uint8_t dump[8192];
 	struct flac_stat_s stb;
 
+	if(offset > (FLAC__uint64)FLAC__OFF_T_MAX)
+		return false;
+
 	if(flac_fstat(fileno(f), &stb) == 0 && (stb.st_mode & S_IFMT) == S_IFREG)
 	{
 		if(fseeko(f, offset, SEEK_CUR) == 0)

Original file line number	Diff line number	Diff line change
`@@ -2915,6 +2915,9 @@ FLAC__bool fskip_ahead(FILE *f, FLAC__uint64 offset)`
`2915`	`2915`	`static uint8_t dump[8192];`
`2916`	`2916`	`struct flac_stat_s stb;`
`2917`	`2917`
	`2918`	`+ if(offset > (FLAC__uint64)FLAC__OFF_T_MAX)`
	`2919`	`+ return false;`
	`2920`	`+`
`2918`	`2921`	`if(flac_fstat(fileno(f), &stb) == 0 && (stb.st_mode & S_IFMT) == S_IFREG)`
`2919`	`2922`	`{`
`2920`	`2923`	`if(fseeko(f, offset, SEEK_CUR) == 0)`