[FFmpeg-devel] [PATCH] Fix potential integer overflow in mov_read_keys

Michael Niedermayer michael at niedermayer.cc
Thu Sep 8 12:37:48 EEST 2016


On Wed, Sep 07, 2016 at 02:38:48PM -0700, Sergey Volk wrote:
> I just realized that count+1 itself might overflow if count==UINT_MAX, so I
> guess it's better to subtract 1 from the right-hand side. Attached updated
> patch.
> 
> On Wed, Sep 7, 2016 at 2:21 PM, Sergey Volk <servolk at chromium.org> wrote:
> 
> > Actual allocation size is computed as (count + 1)*sizeof(meta_keys), so
> > we need to check that (count + 1) won't cause overflow.
> >
> >

>  mov.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 5f372bd81ec31f48d8a4b78f82a4ab9c82a9bb43  0001-Fix-potential-integer-overflow-in-mov_read_keys.patch
> From 87a7a2e202ebb63362715054773a89ce1fc71743 Mon Sep 17 00:00:00 2001
> From: Sergey Volk <servolk at google.com>
> Date: Wed, 7 Sep 2016 14:05:35 -0700
> Subject: [PATCH] Fix potential integer overflow in mov_read_keys
> 
> Actual allocation size is computed as (count + 1)*sizeof(meta_keys), so
> we need to check that (count + 1) won't cause overflow.
> ---
>  libavformat/mov.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

applied

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

No human being will ever know the Truth, for even if they happen to say it
by chance, they would not even known they had done so. -- Xenophanes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20160908/8710a106/attachment.sig>


More information about the ffmpeg-devel mailing list