[FFmpeg-cvslog] flvdec: Check for overflow before allocating arrays

Michael Niedermayer git at videolan.org
Mon Sep 26 00:01:19 CEST 2011


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sat Sep 24 18:57:31 2011 +0300| [a246cefa75aed2ade315d6d09068aacb6b0fe76b] | committer: Martin Storsjö

flvdec: Check for overflow before allocating arrays

On allocation, the array length is multiplied by sizeof(int64_t);
this prevents the multiplication from overflowing.

Signed-off-by: Martin Storsjö <martin at martin.st>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a246cefa75aed2ade315d6d09068aacb6b0fe76b
---

 libavformat/flvdec.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
index 474c4d8..ad00c65 100644
--- a/libavformat/flvdec.c
+++ b/libavformat/flvdec.c
@@ -161,6 +161,9 @@ static int parse_keyframes_index(AVFormatContext *s, AVIOContext *ioc, AVStream
             break;
 
         arraylen = avio_rb32(ioc);
+        if (arraylen >> 28)
+            break;
+
         /*
          * Expect only 'times' or 'filepositions' sub-arrays in other case refuse to use such metadata
          * for indexing
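Review bot: the bound in `if (arraylen >> 28)` is a magic number whose link to the allocation size is only stated in the commit message, not in the code. Rejecting values of 2^28 and above keeps arraylen * sizeof(int64_t) below 2^31, but that relies on sizeof(int64_t) being 8 and on the multiplication happening in at least 32 bits. Consider writing the limit in terms of the element size, for example `if (arraylen > INT_MAX / sizeof(int64_t))`, or at least adding a one-line comment above the check explaining where 28 comes from. The declaration of arraylen is not visible in this hunk; the shift test is only well defined for all inputs from avio_rb32() if it is an unsigned type, so that is worth confirming. The `break` also drops the keyframe index silently, so a log message at this point would help when diagnosing files whose metadata gets rejected.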


