vlc/vlc-CVE-2019-13602_1.patch

From b2b157076d9e94df34502dd8df0787deb940e938 Mon Sep 17 00:00:00 2001
From: =?utf8?q?R=C3=A9mi=20Denis-Courmont?= <remi@remlab.net>
Date: Thu, 27 Jun 2019 23:19:38 +0300
Subject: [PATCH] mp4: fix integer underflow

Reported-by: Hyeon-Ju Lee <zorurione@gmail.com>
---
 modules/demux/mp4/mp4.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/modules/demux/mp4/mp4.c b/modules/demux/mp4/mp4.c
index 540aa836c2..77b46de1c3 100644
--- a/modules/demux/mp4/mp4.c
+++ b/modules/demux/mp4/mp4.c
@@ -510,11 +510,11 @@ static block_t * MP4_EIA608_Convert( block_t * p_block )
     block_t *p_newblock;
 
     /* always need at least 10 bytes (atom size+header+1pair)*/
-    if ( i_remaining < 10 ||
-         !(i_bytes = GetDWBE(p_block->p_buffer)) ||
-         (i_bytes > i_remaining) ||
-         memcmp("cdat", &p_block->p_buffer[4], 4) ||
-         !(p_newblock = block_Alloc( i_remaining * 3 - 8 )) )
+    i_bytes = GetDWBE(p_block->p_buffer);
+
+    if (10 < i_bytes || i_bytes < i_remaining ||
+        memcmp("cdat", &p_block->p_buffer[4], 4) ||
+        (p_newblock = block_Alloc(i_remaining * 3 - 8)) == NULL)
     {
         p_block->i_buffer = 0;
         return p_block;
-- 
2.11.0