[FFmpeg-cvslog] avformat/aiffdec: fix signed integer overflow

Paul B Mahol git at videolan.org
Wed Sep 25 18:49:20 EEST 2019


ffmpeg | branch: master | Paul B Mahol <onemda at gmail.com> | Wed Sep 25 17:36:52 2019 +0200| [d58752bcb923f48d372c0377c07990dd6379a1a9] | committer: Paul B Mahol

avformat/aiffdec: fix signed integer overflow

Fixes #8151

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d58752bcb923f48d372c0377c07990dd6379a1a9
---

 libavformat/aiffdec.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c
index 61ef099f26..a42987c15f 100644
--- a/libavformat/aiffdec.c
+++ b/libavformat/aiffdec.c
@@ -243,7 +243,10 @@ static int aiff_read_header(AVFormatContext *s)
         if (size < 0)
             return size;
 
-        filesize -= size + 8;
+        if (size >= 0x7fffffff - 8)
+            filesize = 0;
+        else
+            filesize -= size + 8;
 
         switch (tag) {
         case MKTAG('C', 'O', 'M', 'M'):     /* Common chunk */



More information about the ffmpeg-cvslog mailing list