check for negative/too large return values of get_size when demuxing mod streams

get_size might return -1 (e.g. for streams whose size is unknown),
but demux_mod is not able to handle this.
This is particularly bad because it is later assigned to unsigned types
(demux_mod_t.filesize is size_t).
Based on a patch by Matthias Hopf <mhopf@suse.de>.

1 files changed, 8 insertions, 1 deletions

diff --git a/src/demuxers/demux_mod.c b/src/demuxers/demux_mod.c
index bffcf36d8..073927707 100644
--- a/src/demuxers/demux_mod.c
+++ b/src/demuxers/demux_mod.c
@@ -130,9 +130,16 @@ static int probe_mod_file(demux_mod_t *this) {
 /* returns 1 if the MOD file was opened successfully, 0 otherwise */
 static int open_mod_file(demux_mod_t *this) {
   int total_read;
+  off_t input_length;
   
   /* Get size and create buffer */
-  this->filesize = this->input->get_length(this->input);
+  input_length = this->input->get_length(this->input);
+  /* Avoid potential issues with signed variables and e.g. read() returning -1 */
+  if (input_length > 0x7FFFFFFF || input_length < 0) {
+    xine_log(this->stream->xine, XINE_LOG_PLUGIN, "modplug - size overflow\n");
+    return 0;
+  }
+  this->filesize = input_length; 
   this->buffer = (char *)malloc(this->filesize);
   if(!this->buffer) {
     xine_log(this->stream->xine, XINE_LOG_PLUGIN, "modplug - allocation failure\n");