[FFmpeg-cvslog] avformat/brstm: fix overflow
Paul B Mahol
git at videolan.org
Thu Jan 28 00:44:34 CET 2016
ffmpeg | branch: release/2.8 | Paul B Mahol <onemda at gmail.com> | Wed Sep 23 19:07:48 2015 +0200| [40ebeee3fc3516ede3709427e3b23c13a8a045fa] | committer: Andreas Cadhalpun
avformat/brstm: fix overflow
Signed-off-by: Paul B Mahol <onemda at gmail.com>
(cherry picked from commit 3441fef0f8bfcdfbad69b49b7fc526fcdb2185cd)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=40ebeee3fc3516ede3709427e3b23c13a8a045fa
---
libavformat/brstm.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libavformat/brstm.c b/libavformat/brstm.c
index 7ad40b0..6eae9d9 100644
--- a/libavformat/brstm.c
+++ b/libavformat/brstm.c
@@ -389,6 +389,10 @@ static int read_packet(AVFormatContext *s, AVPacket *pkt)
codec->codec_id == AV_CODEC_ID_ADPCM_THP_LE) {
uint8_t *dst;
+ if (size > (INT_MAX - 32 - 4) ||
+ (32 + 4 + size) > (INT_MAX / codec->channels) ||
+ (32 + 4 + size) * codec->channels > INT_MAX - 8)
+ return AVERROR_INVALIDDATA;
if (av_new_packet(pkt, 8 + (32 + 4 + size) * codec->channels) < 0)
return AVERROR(ENOMEM);
dst = pkt->data;
More information about the ffmpeg-cvslog
mailing list