virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-21 10:55:51 +02:00
Code Issues Releases Activity

idcin: check for integer overflow when calling av_get_packet()

Browse Source 
chunk_size is unsigned 32-bit, but av_get_packet() takes a signed int as the
packet size.
This commit is contained in:
Justin Ruggles 2012-08-01 16:10:08 -04:00
parent 7040e479a1
commit 33f58c3616
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libavformat/idcin.c
View File

@ -278,6 +278,10 @@ static int idcin_read_packet(AVFormatContext *s,
}
chunk_size = avio_rl32(pb);
if (chunk_size < 4 || chunk_size > INT_MAX - 4) {
av_log(s, AV_LOG_ERROR, "invalid chunk size: %u\n", chunk_size);
return AVERROR_INVALIDDATA;
}
/* skip the number of decoded bytes (always equal to width * height) */
avio_skip(pb, 4);
chunk_size -= 4;