[FFmpeg-devel] [PATCH 3/3] avformat/utils: Fix potential integer overflow in extract_extradata()
Michael Niedermayer
michael at niedermayer.cc
Sat Oct 6 23:18:48 EEST 2018
On Wed, Sep 26, 2018 at 07:12:13PM -0300, James Almer wrote:
> On 9/26/2018 7:00 PM, Michael Niedermayer wrote:
> > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > ---
> > libavformat/utils.c | 4 +++-
> > 1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/libavformat/utils.c b/libavformat/utils.c
> > index c1835b1ab5..3e99478ad9 100644
> > --- a/libavformat/utils.c
> > +++ b/libavformat/utils.c
> > @@ -3544,7 +3544,9 @@ static int extract_extradata(AVStream *st, AVPacket *pkt)
> > &extradata_size);
> >
> > if (extradata) {
> > - avsti->avctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
> > + av_assert0(!avsti->avctx->extradata);
> > + if ((unsigned)extradata_size <= INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE)
> > + avsti->avctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
>
> There's a FF_MAX_EXTRADATA_SIZE define in internal.h
seems this isnt used much
will use it and apply
thanks
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
I do not agree with what you have to say, but I'll defend to the death your
right to say it. -- Voltaire
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20181006/5482151e/attachment.sig>
More information about the ffmpeg-devel
mailing list