[FFmpeg-devel] stsz overflow
Frank Barchard
fbarchard
Tue Aug 25 00:04:24 CEST 2009
On Mon, Aug 24, 2009 at 2:22 PM, Baptiste Coudurier <baptiste.coudurier at gmail.com> wrote:
> Hi,
>
> + if(entries>= UINT_MAX / (sizeof(int)*8))
>
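Review bot: `sizeof(int)*8` in the added bound stands in for the largest sample field size (32), so the limit follows the platform's `int` width rather than the format's own maximum. Compare against a literal 32, or against `UINT_MAX / field_size` since field_size is validated to 4, 8, 16 or 32 before this point, and add a comment saying what the divisor represents.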
>>
>> Why sizeof(int)*8 ?
>
That's the max field size (32). Here is the surrounding code:

    if (field_size != 4 && field_size != 8 && field_size != 16 &&
        field_size != 32) {
        av_log(c->fc, AV_LOG_ERROR, "Invalid sample field size %d\n", field_size);
        return -1;
    }

    if(entries >= UINT_MAX / sizeof(int))
        return -1;
    sc->sample_sizes = av_malloc(entries * sizeof(int));
    if (!sc->sample_sizes)
        return AVERROR(ENOMEM);

    if(entries >= UINT_MAX / (sizeof(int)*8))
        return -1;
    num_bytes = (entries*field_size+4)>>3;

    buf = av_malloc(num_bytes+FF_INPUT_BUFFER_PADDING_SIZE);
    if (!buf) {
        av_freep(&sc->sample_sizes);
        return AVERROR(ENOMEM);
    }
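
The wraparound that the second check guards against, as an added example that is not part of the original message and is not FFmpeg code. The helper names and the sample entry counts are constructed for illustration, and a 32-bit unsigned int is assumed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers: byte size of a packed table holding `entries`
 * sample sizes, each `field_size` bits wide. */

/* Unchecked form: the 32-bit product wraps before the shift. */
static uint32_t packed_bytes_unchecked(uint32_t entries, uint32_t field_size)
{
    return (entries * field_size + 4) >> 3;
}

/* Checked form: validate the width, then bound entries by the largest
 * width (32 bits) so entries * field_size + 4 stays below 2^32. */
static int packed_bytes_checked(uint32_t entries, uint32_t field_size,
                                uint32_t *num_bytes)
{
    if (field_size != 4 && field_size != 8 &&
        field_size != 16 && field_size != 32)
        return -1;
    if (entries >= UINT32_MAX / 32)
        return -1;
    *num_bytes = (entries * field_size + 4) >> 3;
    return 0;
}

int main(void)
{
    /* Constructed input: 2^27 entries passes the earlier
     * entries >= UINT_MAX / sizeof(int) test, yet 2^27 * 32 == 2^32. */
    uint32_t entries = UINT32_C(1) << 27;
    uint32_t n = 0;

    printf("unchecked: %u bytes for %u entries\n",
           (unsigned)packed_bytes_unchecked(entries, 32), (unsigned)entries);

    if (packed_bytes_checked(entries, 32, &n) < 0)
        printf("checked: rejected\n");

    if (packed_bytes_checked(10, 4, &n) == 0)
        printf("checked: 10 entries of 4 bits -> %u bytes\n", (unsigned)n);
    return 0;
}
```

With the unchecked form the buffer size comes out as 0 bytes while the parser would still expect 2^27 entries, which is the mismatch the added bound removes.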