[FFmpeg-devel] [PATCH] Limit fsize before adding to pointer.
Reimar Döffinger
Reimar.Doeffinger at gmx.de
Sat Jul 30 11:47:54 CEST 2011
This avoids a theoretically possible pointer arithmetic overflow
which would lead to a crash due to reading from NULL page.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger at gmx.de>
---
libavformat/aacdec.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/libavformat/aacdec.c b/libavformat/aacdec.c
index ded11b6..c3a5029 100644
--- a/libavformat/aacdec.c
+++ b/libavformat/aacdec.c
@@ -47,6 +47,7 @@ static int adts_aac_probe(AVProbeData *p)
fsize = (AV_RB32(buf2 + 3) >> 13) & 0x1FFF;
if(fsize < 7)
break;
+ fsize = FFMIN(fsize, end - buf2);
buf2 += fsize;
}
max_frames = FFMAX(max_frames, frames);
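Review bot: the added `fsize = FFMIN(fsize, end - buf2);` line compares `fsize` against a pointer difference, and neither the declaration of `fsize` nor the loop condition is visible in this hunk. If `fsize` is unsigned, the comparison inside FFMIN happens after the usual arithmetic conversions, so please confirm that `end - buf2` cannot be negative at this point, or make the types explicit with a cast. It is also worth deciding whether a frame whose declared size exceeds the remaining buffer should advance `buf2` to `end` as if it were complete, or break out the way the `fsize < 7` case does. A one-line comment stating that the clamp exists only to keep `buf2 += fsize` from moving past `end` would document the intent.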
--
1.7.5.4