mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-11-21 10:55:51 +02:00
http: Check for negative chunk sizes
A negative chunk size is illegal and would end up used as length for memcpy, where it would lead to memory accesses out of bounds. Found-by: Paul Cher <paulcher@icloud.com> CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st>
This commit is contained in:
parent
0b77a59336
commit
1316446779
@ -784,8 +784,9 @@ static int http_read_stream(URLContext *h, uint8_t *buf, int size)
|
||||
|
||||
av_log(NULL, AV_LOG_TRACE, "Chunked encoding data size: %"PRId64"'\n",
|
||||
s->chunksize);
|
||||
|
||||
if (!s->chunksize)
|
||||
if (s->chunksize < 0)
|
||||
return AVERROR_INVALIDDATA;
|
||||
else if (!s->chunksize)
|
||||
return 0;
|
||||
break;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user