[FFmpeg-devel] [HACK] Remove MAX_STREAMS usages
Aurelien Jacobs
aurel
Wed Oct 6 22:54:14 CEST 2010
On Wed, Aug 11, 2010 at 05:30:56PM +0200, Aurelien Jacobs wrote:
> On Tue, Aug 10, 2010 at 03:40:49PM +0200, Reimar D?ffinger wrote:
> > On Tue, Aug 10, 2010 at 01:14:56AM +0200, Aurelien Jacobs wrote:
> > > diff --git a/libavformat/utils.c b/libavformat/utils.c
> > > index edd3d19..363f685 100644
> > > --- a/libavformat/utils.c
> > > +++ b/libavformat/utils.c
> > > @@ -2516,13 +2516,20 @@ void av_close_input_file(AVFormatContext *s)
> > >
> > > AVStream *av_new_stream(AVFormatContext *s, int id)
> > > {
> > > - AVStream *st;
> > > + AVStream **streams, *st;
> > > int i;
> > >
> > > +#if LIBAVFORMAT_VERSION_MAJOR < 53
> > > if (s->nb_streams >= MAX_STREAMS){
> > > av_log(s, AV_LOG_ERROR, "Too many streams\n");
> > > return NULL;
> > > }
> > > +#else
> > > + streams = av_realloc(s->streams, (s->nb_streams + 1) * sizeof(*streams));
> > > + if (!streams)
> > > + return NULL;
> > > + s->streams = streams;
> > > +#endif
> >
> > You removed the integer overflow check, thus making it exploitable
> > (at the very least to make it crash).
>
> Indeed, I was a bit too fast about this.
> Fixed version attached.
Applied.
Aurel
More information about the ffmpeg-devel
mailing list