[FFmpeg-cvslog] avformat/aviobuf: Stop restricting dynamic buffer sizes to INT_MAX/2

[Andreas Rheinhardt]

ffmpeg | branch: master | Andreas Rheinhardt <andreas.rheinhardt at gmail.com> | Sun May 24 04:04:29 2020 +0200| [fa0bc627c5d83f5d8c8f16dec3f46d8c66304488] | committer: Andreas Rheinhardt

avformat/aviobuf: Stop restricting dynamic buffer sizes to INT_MAX/2

This has originally been done in 568e18b15e2ddf494fd8926707d34ca08c8edce5
as a precaution against integer overflows, but it is actually easy to
support the full range of int without overflows.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fa0bc627c5d83f5d8c8f16dec3f46d8c66304488
---

 libavformat/aviobuf.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c
index 12408fd211..85f6f06de0 100644
--- a/libavformat/aviobuf.c
+++ b/libavformat/aviobuf.c
@@ -1288,7 +1288,7 @@ static int dyn_buf_write(void *opaque, uint8_t *buf, int buf_size)
 
     /* reallocate buffer if needed */
     new_size = (unsigned)d->pos + buf_size;
-    if (new_size < d->pos || new_size > INT_MAX/2)
+    if (new_size < d->pos || new_size > INT_MAX)
         return -1;
     if (new_size > d->allocated_size) {
         unsigned new_allocated_size = d->allocated_size ? d->allocated_size
@@ -1297,6 +1297,8 @@ static int dyn_buf_write(void *opaque, uint8_t *buf, int buf_size)
         while (new_size > new_allocated_size)
             new_allocated_size += new_allocated_size / 2 + 1;
 
+        new_allocated_size = FFMIN(new_allocated_size, INT_MAX);
+
         if ((err = av_reallocp(&d->buffer, new_allocated_size)) < 0) {
             d->allocated_size = 0;
             d->size = 0;