[FFmpeg-cvslog] avformat/rtpdec_xiph: Check upper bound on len in xiph_handle_packet()
Michael Niedermayer
git at videolan.org
Thu May 21 21:25:59 CEST 2015
ffmpeg | branch: release/2.5 | Michael Niedermayer <michaelni at gmx.at> | Tue May 12 18:03:55 2015 +0200| [1973b6ac5cf9424169d2e4774cd2b61c1e19ee77] | committer: Michael Niedermayer
avformat/rtpdec_xiph: Check upper bound on len in xiph_handle_packet()
Larger packets are not supported and would cause problems later
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit aa5169935e160551fb1c290d1397da2f04325817)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1973b6ac5cf9424169d2e4774cd2b61c1e19ee77
---
libavformat/rtpdec_xiph.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/rtpdec_xiph.c b/libavformat/rtpdec_xiph.c
index dc34f9e..da9a1e2 100644
--- a/libavformat/rtpdec_xiph.c
+++ b/libavformat/rtpdec_xiph.c
@@ -112,7 +112,7 @@ static int xiph_handle_packet(AVFormatContext *ctx, PayloadContext *data,
return data->split_pkts > 0;
}
- if (len < 6) {
+ if (len < 6 || len > INT_MAX/2) {
av_log(ctx, AV_LOG_ERROR, "Invalid %d byte packet\n", len);
return AVERROR_INVALIDDATA;
}
More information about the ffmpeg-cvslog
mailing list