[FFmpeg-devel] [PATCH 2/5] avformat/mpeg: Check len in mpegps_probe()
Michael Niedermayer
michael at niedermayer.cc
Fri Jun 7 03:32:12 EEST 2024
Fixes: CID1473590 Untrusted loop bound
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavformat/mpeg.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavformat/mpeg.c b/libavformat/mpeg.c
index 5556861e1c4..c3dff3e4ea2 100644
--- a/libavformat/mpeg.c
+++ b/libavformat/mpeg.c
@@ -76,6 +76,9 @@ static int mpegps_probe(const AVProbeData *p)
int pes = endpes <= i && check_pes(p->buf + i, p->buf + p->buf_size);
int pack = check_pack_header(p->buf + i);
+ if (len > INT_MAX - i)
+ break;
+
if (code == SYSTEM_HEADER_START_CODE)
sys++;
else if (code == PACK_START_CODE && pack)
--
2.45.2
More information about the ffmpeg-devel
mailing list