[FFmpeg-cvslog] avformat/flacenc: Check length in flac_write_block_comment()
Michael Niedermayer
git at videolan.org
Tue Jun 2 00:50:05 CEST 2015
ffmpeg | branch: release/2.4 | Michael Niedermayer <michaelni at gmx.at> | Mon May 11 15:30:32 2015 +0200| [02fe112c7c00283bcd4f4edbfe4a09d3cf60def1] | committer: Michael Niedermayer
avformat/flacenc: Check length in flac_write_block_comment()
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 40a7700b82aec0036622f8673ce64e070a520891)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=02fe112c7c00283bcd4f4edbfe4a09d3cf60def1
---
libavformat/flacenc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavformat/flacenc.c b/libavformat/flacenc.c
index b3695a2..83fc4c2 100644
--- a/libavformat/flacenc.c
+++ b/libavformat/flacenc.c
@@ -50,12 +50,14 @@ static int flac_write_block_comment(AVIOContext *pb, AVDictionary **m,
int last_block, int bitexact)
{
const char *vendor = bitexact ? "ffmpeg" : LIBAVFORMAT_IDENT;
- unsigned int len;
+ int64_t len;
uint8_t *p, *p0;
ff_metadata_conv(m, ff_vorbiscomment_metadata_conv, NULL);
len = ff_vorbiscomment_length(*m, vendor);
+ if (len >= ((1<<24) - 4))
+ return AVERROR(EINVAL);
p0 = av_malloc(len+4);
if (!p0)
return AVERROR(ENOMEM);
More information about the ffmpeg-cvslog
mailing list