[FFmpeg-devel] [PATCH 2/4] avformat/mxfdec: Check count in mxf_read_strong_ref_array()
Michael Niedermayer
michael at niedermayer.cc
Sun Mar 20 00:50:52 EET 2022
On Mon, Mar 14, 2022 at 08:19:51PM +0100, Tomas Härdin wrote:
> sön 2022-03-13 klockan 00:52 +0100 skrev Michael Niedermayer:
> > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > ---
> > libavformat/mxfdec.c | 8 +++++++-
> > 1 file changed, 7 insertions(+), 1 deletion(-)
> >
> > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> > index b85c10bf19..d7cdd22c8a 100644
> > --- a/libavformat/mxfdec.c
> > +++ b/libavformat/mxfdec.c
> > @@ -932,7 +932,13 @@ static int mxf_read_cryptographic_context(void
> > *arg, AVIOContext *pb, int tag, i
> >
> > static int mxf_read_strong_ref_array(AVIOContext *pb, UID **refs,
> > int *count)
> > {
> > - *count = avio_rb32(pb);
> > + unsigned c = avio_rb32(pb);
>
> not uint32_t?
we dont need an exact length variable here
>
> > +
> > + //avio_read() used int
> > + if (c > INT_MAX / sizeof(UID))
> > + return AVERROR_PATCHWELCOME;
> > + *count = c;
> > +
>
> This should already be caught by av_calloc(), no?
the API as in the documentation of av_calloc() does not gurantee
this. Its bad practice if we write code that depends on some implementation
of some code in a diferent module/lib
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Does the universe only have a finite lifespan? No, its going to go on
forever, its just that you wont like living in it. -- Hiranya Peiri
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20220319/87ea2202/attachment.sig>
More information about the ffmpeg-devel
mailing list