mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-12-23 12:43:46 +02:00
avpacket: fix size check in packet_alloc
The previous check only caught sizes from -AV_INPUT_BUFFER_PADDING_SIZE to -1. This fixes ubsan runtime error: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int' Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> Signed-off-by: Anton Khirnov <anton@khirnov.net>
This commit is contained in:
parent
066281372d
commit
fa463aa83a
@ -69,7 +69,7 @@ void av_packet_free(AVPacket **pkt)
|
|||||||
static int packet_alloc(AVBufferRef **buf, int size)
|
static int packet_alloc(AVBufferRef **buf, int size)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
if ((unsigned)size >= (unsigned)size + AV_INPUT_BUFFER_PADDING_SIZE)
|
if (size < 0 || size >= INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE)
|
||||||
return AVERROR(EINVAL);
|
return AVERROR(EINVAL);
|
||||||
|
|
||||||
ret = av_buffer_realloc(buf, size + AV_INPUT_BUFFER_PADDING_SIZE);
|
ret = av_buffer_realloc(buf, size + AV_INPUT_BUFFER_PADDING_SIZE);
|
||||||
|
Loading…
Reference in New Issue
Block a user