[FFmpeg-cvslog] idcin: check chunk_size value before using it
Paul B Mahol
git at videolan.org
Mon Oct 15 17:54:13 CEST 2012
ffmpeg | branch: master | Paul B Mahol <onemda at gmail.com> | Mon Oct 15 15:48:13 2012 +0000| [295218f531528d18f0f21937d3ddf28318898a7c] | committer: Paul B Mahol
idcin: check chunk_size value before using it
Fixes integer overflow. Fixes CID732223.
Signed-off-by: Paul B Mahol <onemda at gmail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=295218f531528d18f0f21937d3ddf28318898a7c
---
libavformat/idcin.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavformat/idcin.c b/libavformat/idcin.c
index f1df002..bede040 100644
--- a/libavformat/idcin.c
+++ b/libavformat/idcin.c
@@ -256,6 +256,8 @@ static int idcin_read_packet(AVFormatContext *s,
chunk_size = avio_rl32(pb);
/* skip the number of decoded bytes (always equal to width * height) */
avio_skip(pb, 4);
+ if (chunk_size < 4)
+ return AVERROR_INVALIDDATA;
chunk_size -= 4;
ret= av_get_packet(pb, pkt, chunk_size);
if (ret < 0)
More information about the ffmpeg-cvslog
mailing list