[FFmpeg-cvslog] avcodec/movtextdec: Fix potential integer overflow
Michael Niedermayer
git at videolan.org
Tue Nov 15 16:08:59 EET 2016
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Tue Nov 15 14:46:16 2016 +0100| [6ea27157682200e5f78cadcabdb009eccd9dd9b1] | committer: Michael Niedermayer
avcodec/movtextdec: Fix potential integer overflow
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6ea27157682200e5f78cadcabdb009eccd9dd9b1
---
libavcodec/movtextdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/movtextdec.c b/libavcodec/movtextdec.c
index a33fff7..923e582 100644
--- a/libavcodec/movtextdec.c
+++ b/libavcodec/movtextdec.c
@@ -485,7 +485,7 @@ static int mov_text_decode_frame(AVCodecContext *avctx,
m->size_var = 8;
//size_var is equal to 8 or 16 depending on the size of box
- if (m->tracksize + tsmb_size > avpkt->size)
+ if (tsmb_size > avpkt->size - m->tracksize)
break;
for (size_t i = 0; i < box_count; i++) {
More information about the ffmpeg-cvslog
mailing list