Change check for overflow so sanitizer doesn't trigger

ktmf01 · ktmf01 · commit db7b34c67a6f · 2026-02-24T20:47:49.000+01:00
Credit: Oss-fuzz Issue: https://issues.oss-fuzz.com/issues/482309612
diff --git a/src/flac/foreign_metadata.c b/src/flac/foreign_metadata.c
@@ -211,6 +211,7 @@ static FLAC__bool read_from_wave_(foreign_metadata_t *fm, FILE *f, const char **
 {
 	FLAC__byte buffer[12];
 	FLAC__off_t offset, eof_offset = -1, ds64_data_size = -1;
+	FLAC__uint64 overflow_check;
 	if((offset = ftello(f)) < 0) {
 		if(error) *error = "ftello() error (001)";
 		return false;
@@ -314,12 +315,13 @@ static FLAC__bool read_from_wave_(foreign_metadata_t *fm, FILE *f, const char **
 				if(error) *error = "RF64 file has \"ds64\" chunk with extra size table, which is not currently supported (r06)";
 				return false;
 			}
-			eof_offset = (FLAC__off_t)8 + (FLAC__off_t)unpack64le_(buffer2);
+			overflow_check = 8 + unpack64le_(buffer2);
 			/* @@@ [2^63 limit] */
-			if((FLAC__off_t)unpack64le_(buffer2) < 0 || eof_offset < 0) {
+			if(overflow_check > FLAC__OFF_T_MAX) {
 				if(error) *error = "RF64 file too large (r07)";
 				return false;
 			}
+			eof_offset = (FLAC__off_t)overflow_check;
 		}
 		else { /* skip to next chunk */
 			if(fm->is_rf64 && !memcmp(buffer, "data", 4) && unpack32le_(buffer+4) == 0xffffffff) {

Original file line number	Diff line number	Diff line change
`@@ -211,6 +211,7 @@ static FLAC__bool read_from_wave_(foreign_metadata_t fm, FILE f, const char **`
`211`	`211`	`{`
`212`	`212`	`FLAC__byte buffer[12];`
`213`	`213`	`FLAC__off_t offset, eof_offset = -1, ds64_data_size = -1;`
	`214`	`+ FLAC__uint64 overflow_check;`
`214`	`215`	`if((offset = ftello(f)) < 0) {`
`215`	`216`	`if(error) *error = "ftello() error (001)";`
`216`	`217`	`return false;`
`@@ -314,12 +315,13 @@ static FLAC__bool read_from_wave_(foreign_metadata_t fm, FILE f, const char **`
`314`	`315`	`if(error) *error = "RF64 file has \"ds64\" chunk with extra size table, which is not currently supported (r06)";`
`315`	`316`	`return false;`
`316`	`317`	`}`
`317`		`- eof_offset = (FLAC__off_t)8 + (FLAC__off_t)unpack64le_(buffer2);`
	`318`	`+ overflow_check = 8 + unpack64le_(buffer2);`
`318`	`319`	`/* @@@ [2^63 limit] */`
`319`		`- if((FLAC__off_t)unpack64le_(buffer2) < 0 \|\| eof_offset < 0) {`
	`320`	`+ if(overflow_check > FLAC__OFF_T_MAX) {`
`320`	`321`	`if(error) *error = "RF64 file too large (r07)";`
`321`	`322`	`return false;`
`322`	`323`	`}`
	`324`	`+ eof_offset = (FLAC__off_t)overflow_check;`
`323`	`325`	`}`
`324`	`326`	`else { /* skip to next chunk */`
`325`	`327`	`if(fm->is_rf64 && !memcmp(buffer, "data", 4) && unpack32le_(buffer+4) == 0xffffffff) {`