mirror of
https://github.com/FFmpeg/FFmpeg.git
Fix remotely exploitable arbitrary code execution vulnerability.
Found by Tobias Klein / tk // trapkit / de / See: http://www.trapkit.de/advisories/TKADV2009-004.txt Originally committed as revision 16846 to svn://svn.ffmpeg.org/ffmpeg/trunk
parent
5a446bc88e
commit
0838cfdc8a
@ -166,12 +166,13 @@ static int fourxm_read_header(AVFormatContext *s,
|
||||
goto fail;
|
||||
}
|
||||
current_track = AV_RL32(&header[i + 8]);
|
||||
if((unsigned)current_track >= UINT_MAX / sizeof(AudioTrack) - 1){
|
||||
av_log(s, AV_LOG_ERROR, "current_track too large\n");
|
||||
ret= -1;
|
||||
goto fail;
|
||||
}
|
||||
if (current_track + 1 > fourxm->track_count) {
|
||||
fourxm->track_count = current_track + 1;
|
||||
if((unsigned)fourxm->track_count >= UINT_MAX / sizeof(AudioTrack)){
|
||||
ret= -1;
|
||||
goto fail;
|
||||
}
|
||||
fourxm->tracks = av_realloc(fourxm->tracks,
|
||||
fourxm->track_count * sizeof(AudioTrack));
|
||||
if (!fourxm->tracks) {
|
||||
|
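Review bot: The bound on `current_track` only keeps `fourxm->track_count * sizeof(AudioTrack)` from wrapping; a single 32-bit field read from the file header can still drive the `av_realloc` request to nearly `UINT_MAX` bytes, and the entries between the previous `track_count` and the new index come back from the reallocation uninitialised. The function body starts and ends outside this hunk, so whether later code walks every track is not visible here; if it does, it would read those stale entries. I would save the previous count before `fourxm->track_count = current_track + 1;` and clear the added range after the NULL check, e.g. `memset(fourxm->tracks + old_count, 0, (fourxm->track_count - old_count) * sizeof(AudioTrack));` (`old_count` being that saved value), and consider rejecting indices above a small maximum that fits the format. Separately, assigning the `av_realloc` result straight to `fourxm->tracks` loses the old buffer on failure unless the `fail` path accounts for it, and `ret= -1` would be easier to diagnose as a specific AVERROR code.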