virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-03-17 20:17:55 +02:00
Code Issues Releases Activity

libavformat/mov: Fix heap buffer overflow.

Browse Source 
Found by Chrome's ClusterFuzz: https://crbug.com/847060

Signed-off-by: Jacob Trimble <modmaker@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Jacob Trimble 2018-05-31 10:41:29 -07:00 committed by Michael Niedermayer
parent 841c1efc78
commit 9827bb88e7
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libavformat/mov.c
View File

@ -5895,7 +5895,7 @@ static int mov_read_senc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
return AVERROR(ENOMEM);
for (i = 0; i < sample_count; i++) {
unsigned int min_samples = FFMIN(FFMAX(i, 1024 * 1024), sample_count);
unsigned int min_samples = FFMIN(FFMAX(i + 1, 1024 * 1024), sample_count);
encrypted_samples = av_fast_realloc(encryption_index->encrypted_samples, &alloc_size,
min_samples * sizeof(*encrypted_samples));
if (encrypted_samples) {
@ -5949,7 +5949,7 @@ static int mov_parse_auxiliary_info(MOVContext *c, MOVStreamContext *sc, AVIOCon
}
for (i = 0; i < sample_count && !pb->eof_reached; i++) {
unsigned int min_samples = FFMIN(FFMAX(i, 1024 * 1024), sample_count);
unsigned int min_samples = FFMIN(FFMAX(i + 1, 1024 * 1024), sample_count);
encrypted_samples = av_fast_realloc(encryption_index->encrypted_samples, &alloc_size,
min_samples * sizeof(*encrypted_samples));
if (!encrypted_samples) {
@ -6110,7 +6110,7 @@ static int mov_read_saio(MOVContext *c, AVIOContext *pb, MOVAtom atom)
return AVERROR(ENOMEM);
for (i = 0; i < entry_count && !pb->eof_reached; i++) {
unsigned int min_offsets = FFMIN(FFMAX(i, 1024), entry_count);
unsigned int min_offsets = FFMIN(FFMAX(i + 1, 1024), entry_count);
auxiliary_offsets = av_fast_realloc(
encryption_index->auxiliary_offsets, &alloc_size,
min_offsets * sizeof(*auxiliary_offsets));