fix vulnerability where an atom list size is enormous

and calculating the number of bytes needed to hold the list overflows Addresses https://nvd.nist.gov/vuln/detail/CVE-2018-14326 and https://nvd.nist.gov/vuln/detail/CVE-2018-14446
TechSmith · Mar 20, 2019 · 70d823c · 70d823c
1 parent e475013
commit 70d823c
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/src/mp4array.h b/src/mp4array.h
@@ -102,6 +102,8 @@ class MP4Array {
         void Resize(MP4ArrayIndex newSize) { \
             m_numElements = newSize; \
             m_maxNumElements = newSize; \
+            if ( (uint64_t) m_maxNumElements * sizeof(type) > 0xFFFFFFFF ) \
+               throw new PlatformException("requested array size exceeds 4GB", ERANGE, __FILE__, __LINE__, __FUNCTION__); /* prevent overflow */ \
             m_elements = (type*)MP4Realloc(m_elements, \
                 m_maxNumElements * sizeof(type)); \
         } \