[FFmpeg-cvslog] flvdec: Check for overflow before allocating arrays
Michael Niedermayer
git at videolan.org
Sat Oct 1 22:47:34 CEST 2011
ffmpeg | branch: release/0.8 | Michael Niedermayer <michaelni at gmx.at> | Sat Sep 24 18:57:31 2011 +0300| [fed7f5b04f0ddde81fe1de1af725a63461a31f6f] | committer: Reinhard Tartler
flvdec: Check for overflow before allocating arrays
On allocation, the array length is multiplied by sizeof(int64_t),
this prevents the multiplication from overflowing.
Signed-off-by: Martin Storsjö <martin at martin.st>
(cherry picked from commit a246cefa75aed2ade315d6d09068aacb6b0fe76b)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fed7f5b04f0ddde81fe1de1af725a63461a31f6f
---
libavformat/flvdec.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
index c6b386e..5f442f7 100644
--- a/libavformat/flvdec.c
+++ b/libavformat/flvdec.c
@@ -147,6 +147,9 @@ static int parse_keyframes_index(AVFormatContext *s, AVIOContext *ioc, AVStream
break;
arraylen = avio_rb32(ioc);
+ if (arraylen >> 28)
+ break;
+
/*
* Expect only 'times' or 'filepositions' sub-arrays in other case refuse to use such metadata
* for indexing
More information about the ffmpeg-cvslog
mailing list