[FFmpeg-cvslog] avcodec/movtextenc: Check for too many styles
Andreas Rheinhardt
git at videolan.org
Wed Feb 24 11:18:44 EET 2021
ffmpeg | branch: master | Andreas Rheinhardt <andreas.rheinhardt at gmail.com> | Sat Feb 20 23:42:04 2021 +0100| [1c9e53d70b4a0157af02070c2a6cf4db0c6f6dee] | committer: Andreas Rheinhardt
avcodec/movtextenc: Check for too many styles
The counter for the number of styles is written on two bytes, ergo
anything > UINT16_MAX is invalid. This also fixes a compiler warning
because of a tautologically true check on 64bit systems.
Reviewed-by: Philip Langdale <philipl at overt.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1c9e53d70b4a0157af02070c2a6cf4db0c6f6dee
---
libavcodec/movtextenc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/movtextenc.c b/libavcodec/movtextenc.c
index 1bef21e0b9..cf30adbd0a 100644
--- a/libavcodec/movtextenc.c
+++ b/libavcodec/movtextenc.c
@@ -355,7 +355,7 @@ static int mov_text_style_start(MovTextContext *s)
StyleBox *tmp;
// last style != defaults, end the style entry and start a new one
- if (s->count + 1 > SIZE_MAX / sizeof(*s->style_attributes) ||
+ if (s->count + 1 > FFMIN(SIZE_MAX / sizeof(*s->style_attributes), UINT16_MAX) ||
!(tmp = av_fast_realloc(s->style_attributes,
&s->style_attributes_bytes_allocated,
(s->count + 1) * sizeof(*s->style_attributes)))) {
More information about the ffmpeg-cvslog
mailing list