From 1df9b05f18af492e4de5abfb6a842287712fb732 Mon Sep 17 00:00:00 2001
From: Edward Hervey
Date: Fri, 8 Dec 2017 08:00:07 +0100
Subject: [PATCH] typefind: Avoid overflow calculation

The qt typefinder uses guint64 values for offset and size calculation but the typefinder system only supports gint64 values. Make sure we don't end up using potentially overflowing values.
---
 gst/typefind/gsttypefindfunctions.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/gst/typefind/gsttypefindfunctions.c b/gst/typefind/gsttypefindfunctions.c
index 0cb7c0dfa0..0a66e3a336 100644
--- a/gst/typefind/gsttypefindfunctions.c
+++ b/gst/typefind/gsttypefindfunctions.c
@@ -3358,6 +3358,8 @@ qt_type_find (GstTypeFind * tf, gpointer unused)
 }
 size = GST_READ_UINT32_BE (data);
+ if (size + offset >= G_MAXINT64)
+ break;
 /* check compatible brands rather than ever expaning major brands above */
 if ((STRNCMP (&data[4], "ftyp", 4) == 0) && (size >= 16)) {
 data = gst_type_find_peek (tf, offset, size);
@@ -3393,6 +3395,8 @@ qt_type_find (GstTypeFind * tf, gpointer unused)
 new_offset = offset + size;
 if (new_offset <= offset)
 break;
+ if (new_offset + 16 >= G_MAXINT64)
+ break;
 offset = new_offset;
 }
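Review bot: The second added guard, `if (new_offset + 16 >= G_MAXINT64)`, does the addition in unsigned 64-bit arithmetic before comparing, so a `new_offset` within 16 of the guint64 maximum wraps to a small value and passes the test. The preceding `new_offset <= offset` check only catches a wrap in `offset + size`, not this one; whether `size` can be that large depends on code between the two hunks that is not shown, though the commit message says both values are guint64. Comparing against the reduced bound avoids the wrap: `if (new_offset >= G_MAXINT64 - 16) break;`. The first hunk's `size + offset >= G_MAXINT64` has the same shape and would be safer as `if (offset >= G_MAXINT64 - size) break;`. Both checks sit inside a loop in qt_type_find whose start and end are outside the hunks.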