[FFmpeg-devel] [PATCH] Fix potential integer overflow in mov_read_keys

Sergey Volk servolk at chromium.org
Thu Sep 8 00:38:48 EEST 2016


I just realized that count+1 itself might overflow if count==UINT_MAX, so I
guess it's better to subtract 1 from the right-hand side. Attached updated
patch.

On Wed, Sep 7, 2016 at 2:21 PM, Sergey Volk <servolk at chromium.org> wrote:

> Actual allocation size is computed as (count + 1)*sizeof(meta_keys), so
> we need to check that (count + 1) won't cause overflow.
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-potential-integer-overflow-in-mov_read_keys.patch
Type: text/x-patch
Size: 982 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20160907/55fd8d6b/attachment.bin>


More information about the ffmpeg-devel mailing list