Prevent overflow in boundary check for Ap4SbgpAtom

Fuzzer caught another large malloc in Ap4SbgpAtom. It is caused by overflow in boundary check
axiomatic-systems · Mar 27, 2024 · 8806fe2 · 8806fe2
1 parent f9f6b22
commit 8806fe2
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/Source/C++/Core/Ap4SbgpAtom.cpp b/Source/C++/Core/Ap4SbgpAtom.cpp
@@ -87,7 +87,7 @@ AP4_SbgpAtom::AP4_SbgpAtom(AP4_UI32        size,
     AP4_Result result = stream.ReadUI32(entry_count);
     if (AP4_FAILED(result)) return;
     remains -= 4;
-    if (remains < entry_count*8) {
+    if (remains < (AP4_UI64)entry_count*8) {
         return;
     }
     m_Entries.SetItemCount(entry_count);