[FFmpeg-cvslog] avformat/oggenc: Check ff_vorbiscomment_length in ogg_write_vorbiscomment( )
Michael Niedermayer
git at videolan.org
Sat May 16 00:16:15 CEST 2015
ffmpeg | branch: release/2.6 | Michael Niedermayer <michaelni at gmx.at> | Mon May 11 15:34:28 2015 +0200| [a9d3baff034cd9983a9f17a12e6d9e196e1b7e9c] | committer: Michael Niedermayer
avformat/oggenc: Check ff_vorbiscomment_length in ogg_write_vorbiscomment()
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 0db5b2b9f8a96298eeba7988d43c4eb44220fab3)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a9d3baff034cd9983a9f17a12e6d9e196e1b7e9c
---
libavformat/oggenc.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/libavformat/oggenc.c b/libavformat/oggenc.c
index ca40063..873dfac 100644
--- a/libavformat/oggenc.c
+++ b/libavformat/oggenc.c
@@ -282,16 +282,18 @@ static int ogg_buffer_data(AVFormatContext *s, AVStream *st,
return 0;
}
-static uint8_t *ogg_write_vorbiscomment(int offset, int bitexact,
+static uint8_t *ogg_write_vorbiscomment(int64_t offset, int bitexact,
int *header_len, AVDictionary **m, int framing_bit)
{
const char *vendor = bitexact ? "ffmpeg" : LIBAVFORMAT_IDENT;
- int size;
+ int64_t size;
uint8_t *p, *p0;
ff_metadata_conv(m, ff_vorbiscomment_metadata_conv, NULL);
size = offset + ff_vorbiscomment_length(*m, vendor) + framing_bit;
+ if (size > INT_MAX)
+ return NULL;
p = av_mallocz(size);
if (!p)
return NULL;
More information about the ffmpeg-cvslog
mailing list