[FFmpeg-cvslog] Limit fsize before adding to pointer.
    Reimar Döffinger 
    git at videolan.org
       
    Sun Jul 31 19:40:40 CEST 2011
    
    
  
ffmpeg | branch: master | Reimar Döffinger <Reimar.Doeffinger at gmx.de> | Sat Jul 30 11:45:15 2011 +0200| [b39f872a41b92a31589052c8f914c5b52f206fd0] | committer: Reimar Döffinger
Limit fsize before adding to pointer.
This avoids a theoretically possible pointer arithmetic overflow
which would lead to a crash due to reading from NULL page.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger at gmx.de>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b39f872a41b92a31589052c8f914c5b52f206fd0
---
 libavformat/aacdec.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/libavformat/aacdec.c b/libavformat/aacdec.c
index ded11b6..c3a5029 100644
--- a/libavformat/aacdec.c
+++ b/libavformat/aacdec.c
@@ -47,6 +47,7 @@ static int adts_aac_probe(AVProbeData *p)
             fsize = (AV_RB32(buf2 + 3) >> 13) & 0x1FFF;
             if(fsize < 7)
                 break;
+            fsize = FFMIN(fsize, end - buf2);
             buf2 += fsize;
         }
         max_frames = FFMAX(max_frames, frames);
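Review bot: the clamp on the added line `fsize = FFMIN(fsize, end - buf2);` runs after the `if(fsize < 7)` check, so the clamped value can fall below the 7-byte minimum that check enforces, and a frame whose declared size runs past `end` is then advanced over as if it were complete. Consider treating `fsize > end - buf2` as a truncated frame and breaking out of the loop instead of clamping, or add a short comment stating that the loop condition (not visible in this hunk) terminates once `buf2` reaches `end`. The declaration of `fsize` is also outside the hunk: `end - buf2` is a pointer difference, so it is worth confirming that `FFMIN` is not comparing a signed and an unsigned operand here.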
    
    