[FFmpeg-cvslog] avcodec/movtextdec: Fix potential integer overflow
Michael Niedermayer
git at videolan.org
Sat Nov 26 16:47:56 EET 2016
ffmpeg | branch: release/2.8 | Michael Niedermayer <michael at niedermayer.cc> | Tue Nov 15 14:46:16 2016 +0100| [63504a2d44e51999e3ce11a4b172a1b3965a2996] | committer: Michael Niedermayer
avcodec/movtextdec: Fix potential integer overflow
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6ea27157682200e5f78cadcabdb009eccd9dd9b1)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=63504a2d44e51999e3ce11a4b172a1b3965a2996
---
libavcodec/movtextdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/movtextdec.c b/libavcodec/movtextdec.c
index e7c3d49..a2b50b0 100644
--- a/libavcodec/movtextdec.c
+++ b/libavcodec/movtextdec.c
@@ -490,7 +490,7 @@ static int mov_text_decode_frame(AVCodecContext *avctx,
m->size_var = 8;
//size_var is equal to 8 or 16 depending on the size of box
- if (m->tracksize + tsmb_size > avpkt->size)
+ if (tsmb_size > avpkt->size - m->tracksize)
break;
for (size_t i = 0; i < box_count; i++) {
More information about the ffmpeg-cvslog
mailing list