ref: 3cd7588dae88cf0c5d77ba89eac7531e5f588312
parent: 580614f062703905f6a8113d3fc69760c9b2d29b
author: Jean-Marc Valin <jmvalin@amazon.com>
date: Wed May 17 20:02:56 EDT 2023
Avoid potential integer wrap-around
--- a/dnn/parse_lpcnet_weights.c
+++ b/dnn/parse_lpcnet_weights.c
@@ -36,7 +36,7 @@
WeightHead *h = (WeightHead *)*data;
if (*len < WEIGHT_BLOCK_SIZE) return -1;
if (h->block_size < h->size) return -1;
- if (*len < h->block_size+WEIGHT_BLOCK_SIZE) return -1;
+ if (h->block_size > *len-WEIGHT_BLOCK_SIZE) return -1;
if (h->name[sizeof(h->name)-1] != 0) return -1;
if (h->size < 0) return -1;
array->name = h->name;
--
⑨