[FFmpeg-cvslog] http: Check for negative chunk sizes
Martin Storsjö
git at videolan.org
Fri May 5 03:34:44 EEST 2017
ffmpeg | branch: master | Martin Storsjö <martin at martin.st> | Thu Dec 15 10:24:20 2016 +0200| [131644677970a3c4a0096270ea2a5b5d437c2e63] | committer: Martin Storsjö
http: Check for negative chunk sizes
A negative chunk size is illegal and would end up used as
length for memcpy, where it would lead to memory accesses
out of bounds.
Found-by: Paul Cher <paulcher at icloud.com>
CC: libav-stable at libav.org
Signed-off-by: Martin Storsjö <martin at martin.st>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=131644677970a3c4a0096270ea2a5b5d437c2e63
---
libavformat/http.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libavformat/http.c b/libavformat/http.c
index 8fe8d11e1e..00cf295001 100644
--- a/libavformat/http.c
+++ b/libavformat/http.c
@@ -784,8 +784,9 @@ static int http_read_stream(URLContext *h, uint8_t *buf, int size)
av_log(NULL, AV_LOG_TRACE, "Chunked encoding data size: %"PRId64"'\n",
s->chunksize);
-
- if (!s->chunksize)
+ if (s->chunksize < 0)
+ return AVERROR_INVALIDDATA;
+ else if (!s->chunksize)
return 0;
break;
}
More information about the ffmpeg-cvslog
mailing list