From 86fa6dc2cb9a9022c953d77de3a65fe7e9ea481a Mon Sep 17 00:00:00 2001
From: Vignesh Venkatasubramanian
Date: Fri, 25 Aug 2017 11:28:01 -0700
Subject: [PATCH] mkvparser: Fix potential overflow in Block::Parse
BUG=b/65045341
Change-Id: I198e72ea3859d2382a34e1e6dca957f9323af278
---
 mkvparser/mkvparser.cc | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/mkvparser/mkvparser.cc b/mkvparser/mkvparser.cc
index 3f4878c..1eeaa13 100644
--- a/mkvparser/mkvparser.cc
+++ b/mkvparser/mkvparser.cc
@@ -7911,6 +7911,10 @@ long Block::Parse(const Cluster* pCluster) {
 return E_FILE_FORMAT_INVALID;
 curr.len = static_cast(frame_size);
+ // Check if size + curr.len could overflow.
+ if (size > LLONG_MAX - curr.len) {
+ return E_FILE_FORMAT_INVALID;
+ }
 size += curr.len; // contribution of this frame
 --frame_count;
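Review bot: The added guard `if (size > LLONG_MAX - curr.len)` is itself signed arithmetic and is only safe while `curr.len` is non-negative and `size` is a `long long`; neither the declaration of `size` nor the condition behind the `return E_FILE_FORMAT_INVALID;` just above it is visible in this hunk, so both are assumptions here. I would state the precondition next to the check, e.g. `// curr.len > 0 was enforced above, so LLONG_MAX - curr.len cannot wrap; size is long long.`, so that a later edit to the frame_size validation does not silently invalidate it. If `size` is accumulated anywhere else in `Block::Parse` (the function body starts and ends outside the hunk), those sites would need the same bound. The diffstat shows only `mkvparser/mkvparser.cc` changed, so a regression test feeding a malformed block whose frame sizes sum past the limit and expecting `E_FILE_FORMAT_INVALID` would be worth adding alongside.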