[MPlayer-cvslog] r37649 - trunk/libmpdemux/demux_mov.c
reimar
subversion at mplayerhq.hu
Tue Feb 9 23:22:19 CET 2016
Author: reimar
Date: Tue Feb 9 23:22:19 2016
New Revision: 37649
Log:
demux_mov: Make check overflow-safe.
Modified:
trunk/libmpdemux/demux_mov.c
Modified: trunk/libmpdemux/demux_mov.c
==============================================================================
--- trunk/libmpdemux/demux_mov.c Tue Feb 9 23:19:05 2016 (r37648)
+++ trunk/libmpdemux/demux_mov.c Tue Feb 9 23:22:19 2016 (r37649)
@@ -748,7 +748,7 @@ static int gen_sh_audio(sh_audio_t* sh,
int frma_len = char2int(trak->stdata,52);
switch(char2int(trak->stdata,52+8)) {
case MOV_FOURCC('a','l','a','c'):
- if (len >= 36 + frma_len) {
+ if (len >= 36 && frma_len <= len - 36) {
sh->codecdata_len = char2int(trak->stdata,52+frma_len);
mp_msg(MSGT_DEMUX, MSGL_V, "MOV: Found alac atom (%d)!\n", sh->codecdata_len);
sh->codecdata = malloc(sh->codecdata_len);
More information about the MPlayer-cvslog
mailing list