On Fri, Jul 12, 2024 at 10:42:38AM +0200, Andreas Rheinhardt wrote: > Michael Niedermayer: > > The length is 64bit that is passed into the functions. > > Alternatively the values can be checked before cast > > > > Fixes: CID1604572 Overflowed return value > > > > Sponsored-by: Sovereign Tech Fund > > Signed-off-by: Michael Niedermayer > > --- > > libavformat/matroskadec.c | 6 +++--- > > 1 file changed, 3 insertions(+), 3 deletions(-) > > > > diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c > > index aa28a37da4c..9914838698c 100644 > > --- a/libavformat/matroskadec.c > > +++ b/libavformat/matroskadec.c > > @@ -989,7 +989,7 @@ static int ebml_read_length(MatroskaDemuxContext *matroska, AVIOContext *pb, > > * Read the next element as an unsigned int. > > * Returns NEEDS_CHECKING unless size == 0. > > */ > > -static int ebml_read_uint(AVIOContext *pb, int size, > > +static int ebml_read_uint(AVIOContext *pb, int64_t size, > > uint64_t default_value, uint64_t *num) > > { > > int n = 0; > > @@ -1010,7 +1010,7 @@ static int ebml_read_uint(AVIOContext *pb, int size, > > * Read the next element as a signed int. > > * Returns NEEDS_CHECKING unless size == 0. > > */ > > -static int ebml_read_sint(AVIOContext *pb, int size, > > +static int ebml_read_sint(AVIOContext *pb, int64_t size, > > int64_t default_value, int64_t *num) > > { > > int n = 1; > > @@ -1033,7 +1033,7 @@ static int ebml_read_sint(AVIOContext *pb, int size, > > * Read the next element as a float. > > * Returns 0 if size == 0, NEEDS_CHECKING or < 0 on obvious failure. > > */ > > -static int ebml_read_float(AVIOContext *pb, int size, > > +static int ebml_read_float(AVIOContext *pb, int64_t size, > > double default_value, double *num) > > { > > if (size == 0) { > > The values are already checked before that (via the max_lengths list). Patch droped teh issue is already marked as false positive as it was mixed with other false positive stuff thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB In a rich man's house there is no place to spit but his face. -- Diogenes of Sinope