[FFmpeg-devel] [PATCH 2/2] nsvdec: Check av_malloc(string_size)

Michael Niedermayer michaelni at gmx.at
Thu Dec 29 22:40:16 CET 2011


This can easily be NULL as string_size can be 2g in a damaged file.

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
---
 libavformat/nsvdec.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/libavformat/nsvdec.c b/libavformat/nsvdec.c
index 72d626a..76bcd4a 100644
--- a/libavformat/nsvdec.c
+++ b/libavformat/nsvdec.c
@@ -314,6 +314,8 @@ static int nsv_parse_NSVf_header(AVFormatContext *s, AVFormatParameters *ap)
         char quote;
 
         p = strings = av_mallocz(strings_size + 1);
+        if (!p)
+            return AVERROR(ENOMEM);
         endp = strings + strings_size;
         avio_read(pb, strings, strings_size);
         while (p < endp) {
-- 
1.7.5.4



More information about the ffmpeg-devel mailing list