[FFmpeg-devel] [PATCH 2/3] avcodec/utils: Fix several integer overflows.
Michael Niedermayer
michael at niedermayer.cc
Sun Jun 4 03:25:45 EEST 2017
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavcodec/utils.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index cde5849a41..feee7556ac 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -2278,6 +2278,9 @@ void avcodec_parameters_free(AVCodecParameters **ppar)
int avcodec_parameters_copy(AVCodecParameters *dst, const AVCodecParameters *src)
{
+ if (src->extradata_size > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE)
+ return AVERROR(EINVAL);
+
codec_parameters_reset(dst);
memcpy(dst, src, sizeof(*dst));
@@ -2341,6 +2344,8 @@ int avcodec_parameters_from_context(AVCodecParameters *par,
}
if (codec->extradata) {
+ if (codec->extradata_size > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE)
+ return AVERROR(EINVAL);
par->extradata = av_mallocz(codec->extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
if (!par->extradata)
return AVERROR(ENOMEM);
@@ -2397,6 +2402,8 @@ int avcodec_parameters_to_context(AVCodecContext *codec,
}
if (par->extradata) {
+ if (par->extradata_size > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE)
+ return AVERROR(EINVAL);
av_freep(&codec->extradata);
codec->extradata = av_mallocz(par->extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
if (!codec->extradata)
--
2.13.0
More information about the ffmpeg-devel
mailing list