[FFmpeg-cvslog] avformat/brstm: fix overflow
Paul B Mahol
git at videolan.org
Wed Sep 23 19:20:30 CEST 2015
ffmpeg | branch: master | Paul B Mahol <onemda at gmail.com> | Wed Sep 23 19:07:48 2015 +0200| [3441fef0f8bfcdfbad69b49b7fc526fcdb2185cd] | committer: Paul B Mahol
avformat/brstm: fix overflow
Signed-off-by: Paul B Mahol <onemda at gmail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3441fef0f8bfcdfbad69b49b7fc526fcdb2185cd
---
libavformat/brstm.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libavformat/brstm.c b/libavformat/brstm.c
index f2bc038..a781163 100644
--- a/libavformat/brstm.c
+++ b/libavformat/brstm.c
@@ -389,6 +389,10 @@ static int read_packet(AVFormatContext *s, AVPacket *pkt)
codec->codec_id == AV_CODEC_ID_ADPCM_THP_LE) {
uint8_t *dst;
+ if (size > (INT_MAX - 32 - 4) ||
+ (32 + 4 + size) > (INT_MAX / codec->channels) ||
+ (32 + 4 + size) * codec->channels > INT_MAX - 8)
+ return AVERROR_INVALIDDATA;
if (av_new_packet(pkt, 8 + (32 + 4 + size) * codec->channels) < 0)
return AVERROR(ENOMEM);
dst = pkt->data;
More information about the ffmpeg-cvslog
mailing list