virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-03-17 20:17:55 +02:00
Code Issues Releases Activity

avformat/mov: Fix potential integer overflow in mov_read_keys

Browse Source 
Actual allocation size is computed as (count + 1)*sizeof(meta_keys), so
we need to check that (count + 1) won't cause overflow.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 347cb14b7cba7560e53f4434b419b9d8800253e7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Sergey Volk 2016-09-07 14:05:35 -07:00 committed by Michael Niedermayer
parent cb8a29f872
commit 9259b7f38e
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavformat/mov.c
View File

@ -3149,7 +3149,7 @@ static int mov_read_keys(MOVContext *c, AVIOContext *pb, MOVAtom atom)
avio_skip(pb, 4);
count = avio_rb32(pb);
if (count > UINT_MAX / sizeof(*c->meta_keys)) {
if (count > UINT_MAX / sizeof(*c->meta_keys) - 1) {
av_log(c->fc, AV_LOG_ERROR,
"The 'keys' atom with the invalid key count: %d\n", count);
return AVERROR_INVALIDDATA;