[FFmpeg-devel] [PATCH 3/3] avformat/utils: Fix potential integer overflow in extract_extradata()
Michael Niedermayer
michael at niedermayer.cc
Thu Sep 27 01:00:26 EEST 2018
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavformat/utils.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavformat/utils.c b/libavformat/utils.c
index c1835b1ab5..3e99478ad9 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -3544,7 +3544,9 @@ static int extract_extradata(AVStream *st, AVPacket *pkt)
&extradata_size);
if (extradata) {
- avsti->avctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
+ av_assert0(!avsti->avctx->extradata);
+ if ((unsigned)extradata_size <= INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE)
+ avsti->avctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
if (!avsti->avctx->extradata) {
av_packet_unref(pkt_ref);
return AVERROR(ENOMEM);
--
2.19.0
More information about the ffmpeg-devel
mailing list