mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-12-23 12:43:46 +02:00
Fix nalsize check to avoid an integer overflow that made the check
incorrect for nalsize > INT_MAX - buf_index Originally committed as revision 19307 to svn://svn.ffmpeg.org/ffmpeg/trunk
This commit is contained in:
parent
0444a8c534
commit
8d8409ca9f
@ -7505,7 +7505,7 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){
|
||||
nalsize = 0;
|
||||
for(i = 0; i < h->nal_length_size; i++)
|
||||
nalsize = (nalsize << 8) | buf[buf_index++];
|
||||
if(nalsize <= 1 || (nalsize+buf_index > buf_size)){
|
||||
if(nalsize <= 1 || nalsize > buf_size - buf_index){
|
||||
if(nalsize == 1){
|
||||
buf_index++;
|
||||
continue;
|
||||
|
Loading…
Reference in New Issue
Block a user