libebml/SOURCES/libebml-cve-2023-52339.patch

diff -up libebml-1.3.9/src/MemIOCallback.cpp.cve-2023-52339 libebml-1.3.9/src/MemIOCallback.cpp
--- libebml-1.3.9/src/MemIOCallback.cpp.cve-2023-52339	2024-02-02 13:48:28.626522658 +0100
+++ libebml-1.3.9/src/MemIOCallback.cpp	2024-02-02 13:49:59.620078963 +0100
@@ -68,7 +68,8 @@ uint32 MemIOCallback::read(void *Buffer,
   if (Buffer == NULL || Size < 1)
     return 0;
   //If the size is larger than than the amount left in the buffer
-  if (Size + dataBufferPos > dataBufferTotalSize) {
+  if (Size + dataBufferPos < Size || // overflow, reading too much
+      Size + dataBufferPos > dataBufferTotalSize) {
     //We will only return the remaining data
     memcpy(Buffer, dataBuffer + dataBufferPos, dataBufferTotalSize - dataBufferPos);
     uint64 oldDataPos = dataBufferPos;
@@ -95,6 +96,8 @@ void MemIOCallback::setFilePointer(int64
 
 size_t MemIOCallback::write(const void *Buffer, size_t Size)
 {
+  if (dataBufferPos + Size < Size) // overflow, we can't hold that much
+    return 0;
   if (dataBufferMemorySize < dataBufferPos + Size) {
     //We need more memory!
     dataBuffer = (binary *)realloc((void *)dataBuffer, dataBufferPos + Size);
@@ -109,6 +112,8 @@ size_t MemIOCallback::write(const void *
 
 uint32 MemIOCallback::write(IOCallback & IOToRead, size_t Size)
 {
+  if (dataBufferPos + Size < Size) // overflow, we can't hold that much
+    return 0;
   if (dataBufferMemorySize < dataBufferPos + Size) {
     //We need more memory!
     dataBuffer = (binary *)realloc((void *)dataBuffer, dataBufferPos + Size);