[FFmpeg-cvslog] avformat/brstm: fix overflow

Paul B Mahol git at videolan.org
Wed Sep 23 19:20:30 CEST 2015


ffmpeg | branch: master | Paul B Mahol <onemda at gmail.com> | Wed Sep 23 19:07:48 2015 +0200| [3441fef0f8bfcdfbad69b49b7fc526fcdb2185cd] | committer: Paul B Mahol

avformat/brstm: fix overflow

Signed-off-by: Paul B Mahol <onemda at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3441fef0f8bfcdfbad69b49b7fc526fcdb2185cd
---

 libavformat/brstm.c |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavformat/brstm.c b/libavformat/brstm.c
index f2bc038..a781163 100644
--- a/libavformat/brstm.c
+++ b/libavformat/brstm.c
@@ -389,6 +389,10 @@ static int read_packet(AVFormatContext *s, AVPacket *pkt)
         codec->codec_id == AV_CODEC_ID_ADPCM_THP_LE) {
         uint8_t *dst;
 
+        if (size > (INT_MAX - 32 - 4) ||
+            (32 + 4 + size) > (INT_MAX / codec->channels) ||
+            (32 + 4 + size) * codec->channels > INT_MAX - 8)
+            return AVERROR_INVALIDDATA;
         if (av_new_packet(pkt, 8 + (32 + 4 + size) * codec->channels) < 0)
             return AVERROR(ENOMEM);
         dst = pkt->data;
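Review bot: the second condition, `(32 + 4 + size) > (INT_MAX / codec->channels)`, divides by `codec->channels`, and nothing visible in this hunk shows that value is guaranteed to be positive when read_packet() runs. If the header parser does not already reject a zero or negative channel count, this check divides by zero or compares against a negative bound, so either confirm that validation exists or add `codec->channels <= 0` to the rejected cases here. The three conditions also repeat the `8 + (32 + 4 + size) * codec->channels` arithmetic that av_new_packet() is then called with; computing that once in an int64_t and comparing it against INT_MAX would keep the check and the allocation from drifting apart. A short comment on what the 32, 4 and 8 byte constants stand for would help, since the commit message says only "fix overflow".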


