[FFmpeg-cvslog] avformat/utils: Fix potential integer overflow in extract_extradata()
Michael Niedermayer
git at videolan.org
Sun Oct 7 23:59:12 EEST 2018
ffmpeg | branch: release/4.0 | Michael Niedermayer <michael at niedermayer.cc> | Thu Sep 27 00:00:26 2018 +0200| [eb495b20e51fb7a5a02ca3004fd5a8ea359592f4] | committer: Michael Niedermayer
avformat/utils: Fix potential integer overflow in extract_extradata()
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0a41a8bf2945e59db7a0773ebce11a26b95d45b6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eb495b20e51fb7a5a02ca3004fd5a8ea359592f4
---
libavformat/utils.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavformat/utils.c b/libavformat/utils.c
index c25eab4d49..685fdb9b76 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -3542,7 +3542,9 @@ static int extract_extradata(AVStream *st, AVPacket *pkt)
&extradata_size);
if (extradata) {
- i->avctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
+ av_assert0(!i->avctx->extradata);
+ if ((unsigned)extradata_size < FF_MAX_EXTRADATA_SIZE)
+ i->avctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
if (!i->avctx->extradata) {
av_packet_unref(pkt_ref);
return AVERROR(ENOMEM);
More information about the ffmpeg-cvslog
mailing list