[FFmpeg-cvslog] mpc8: check seektable size before attempting to use it.
Michael Niedermayer
git at videolan.org
Sun Dec 2 04:27:03 CET 2012
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sun Dec 2 04:21:42 2012 +0100| [b61ba262a1e275f8129b7383d70fe48051b47fcf] | committer: Michael Niedermayer
mpc8: check seektable size before attempting to use it.
Fixes null pointer dereference
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b61ba262a1e275f8129b7383d70fe48051b47fcf
---
libavformat/mpc8.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libavformat/mpc8.c b/libavformat/mpc8.c
index 56ed7ad..191f696 100644
--- a/libavformat/mpc8.c
+++ b/libavformat/mpc8.c
@@ -145,6 +145,10 @@ static void mpc8_parse_seektable(AVFormatContext *s, int64_t off)
av_log(s, AV_LOG_ERROR, "No seek table at given position\n");
return;
}
+ if (size > INT_MAX/10 || size<=0) {
+ av_log(s, AV_LOG_ERROR, "Seek table size is invalid\n");
+ return;
+ }
if(!(buf = av_malloc(size + FF_INPUT_BUFFER_PADDING_SIZE)))
return;
avio_read(s->pb, buf, size);
More information about the ffmpeg-cvslog
mailing list