[FFmpeg-cvslog] avformat/mxfdec: Check size to avoid integer overflow in mxf_read_utf16_string()
Michael Niedermayer
git at videolan.org
Fri Oct 21 21:23:42 EEST 2016
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Fri Oct 21 19:45:21 2016 +0200| [fecb3e82a4ba09dc11a51ad0961ab491881a53a1] | committer: Michael Niedermayer
avformat/mxfdec: Check size to avoid integer overflow in mxf_read_utf16_string()
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fecb3e82a4ba09dc11a51ad0961ab491881a53a1
---
libavformat/mxfdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index cdb5c4e..d2166ee 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -717,7 +717,7 @@ static inline int mxf_read_utf16_string(AVIOContext *pb, int size, char** str, i
int ret;
size_t buf_size;
- if (size < 0)
+ if (size < 0 || size > INT_MAX/2)
return AVERROR(EINVAL);
buf_size = size + size / 2 + 1;
More information about the ffmpeg-cvslog
mailing list