[FFmpeg-cvslog] flacdec: fix buffer size checking in get_metadata_size()
Justin Ruggles
git at videolan.org
Sat Oct 1 21:38:51 CEST 2011
ffmpeg | branch: release/0.8 | Justin Ruggles <justin.ruggles at gmail.com> | Tue Sep 13 15:13:44 2011 -0400| [20047f77b9592da17e8bc56e54d3b2e2ca6959a9] | committer: Michael Niedermayer
flacdec: fix buffer size checking in get_metadata_size()
Adds an additional check before reading the next block header and avoids a
potential integer overflow when checking the metadata size against the
remaining buffer size.
(cherry picked from commit 4c5e7b27d57dd2be777780e840eef9be63242158)
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=20047f77b9592da17e8bc56e54d3b2e2ca6959a9
---
libavcodec/flacdec.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/libavcodec/flacdec.c b/libavcodec/flacdec.c
index ece095c..011c75f 100644
--- a/libavcodec/flacdec.c
+++ b/libavcodec/flacdec.c
@@ -228,9 +228,11 @@ static int get_metadata_size(const uint8_t *buf, int buf_size)
buf += 4;
do {
+ if (buf_end - buf < 4)
+ return 0;
ff_flac_parse_block_header(buf, &metadata_last, NULL, &metadata_size);
buf += 4;
- if (buf + metadata_size > buf_end) {
+ if (buf_end - buf < metadata_size) {
/* need more data in order to read the complete header */
return 0;
}
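Review bot: The new early return at `if (buf_end - buf < 4)` has no comment, while the size check below it explains its `return 0` as "need more data in order to read the complete header"; both paths return the same value for the same reason, so the comment should sit above the first check or be repeated there. The rewritten comparison `buf_end - buf < metadata_size` depends on the difference being non-negative, which holds in this hunk because the 4-byte check runs before `buf += 4`. The declaration of `metadata_size` is outside the visible lines, so it is worth confirming that its type does not turn this into a mixed signed/unsigned comparison.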