[FFmpeg-devel] [PATCH 1/3] avformat/vividas: Check return value before storing it in smaller type

Andreas Rheinhardt andreas.rheinhardt at gmail.com
Thu Aug 6 02:33:56 EEST 2020


Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
---
 libavformat/vividas.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/libavformat/vividas.c b/libavformat/vividas.c
index b0f9f35ac2..708adc8801 100644
--- a/libavformat/vividas.c
+++ b/libavformat/vividas.c
@@ -432,19 +432,20 @@ static int track_index(VividasDemuxContext *viv, AVFormatContext *s, uint8_t *bu
     AVIOContext pb0, *pb = &pb0;
     int i;
     int64_t filesize = avio_size(s->pb);
+    uint64_t n_sb_blocks_tmp;
 
     ffio_init_context(pb, buf, size, 0, NULL, NULL, NULL, NULL);
 
     ffio_read_varlen(pb); // track_index_len
     avio_r8(pb); // 'c'
-    viv->n_sb_blocks = ffio_read_varlen(pb);
-    if (viv->n_sb_blocks < 0 || viv->n_sb_blocks > size / 2)
+    n_sb_blocks_tmp = ffio_read_varlen(pb);
+    if (n_sb_blocks_tmp > size / 2)
         goto error;
-    viv->sb_blocks = av_calloc(viv->n_sb_blocks, sizeof(VIV_SB_block));
+    viv->sb_blocks = av_calloc(n_sb_blocks_tmp, sizeof(*viv->sb_blocks));
     if (!viv->sb_blocks) {
-        viv->n_sb_blocks = 0;
         return AVERROR(ENOMEM);
     }
+    viv->n_sb_blocks = n_sb_blocks_tmp;
 
     off = 0;
     poff = 0;
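Review bot: The final assignment `viv->n_sb_blocks = n_sb_blocks_tmp;` narrows a uint64_t into the context field, and it is safe only because of the `size / 2` bound a few lines earlier; nothing at the assignment says so. The type of `size` is cut off in the hunk header, so this holds only if `size` is no wider than the field (the removed `< 0` test suggests the field is a signed int). A comment on the assignment would keep the invariant visible if the bound is ever changed: `/* n_sb_blocks_tmp <= size / 2, so it fits the narrower field */`. Separately, the allocation-failure path no longer zeroes `viv->n_sb_blocks`, which is fine only if the field is still 0 on entry, so it is worth confirming that track_index() cannot run twice on one context. The function body continues outside the hunk.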
-- 
2.20.1


