[FFmpeg-devel] [PATCH 1/3] avformat/vividas: Check return value before storing it in smaller type
Andreas Rheinhardt
andreas.rheinhardt at gmail.com
Thu Aug 6 02:33:56 EEST 2020
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
---
libavformat/vividas.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/libavformat/vividas.c b/libavformat/vividas.c
index b0f9f35ac2..708adc8801 100644
--- a/libavformat/vividas.c
+++ b/libavformat/vividas.c
@@ -432,19 +432,20 @@ static int track_index(VividasDemuxContext *viv, AVFormatContext *s, uint8_t *bu
AVIOContext pb0, *pb = &pb0;
int i;
int64_t filesize = avio_size(s->pb);
+ uint64_t n_sb_blocks_tmp;
ffio_init_context(pb, buf, size, 0, NULL, NULL, NULL, NULL);
ffio_read_varlen(pb); // track_index_len
avio_r8(pb); // 'c'
- viv->n_sb_blocks = ffio_read_varlen(pb);
- if (viv->n_sb_blocks < 0 || viv->n_sb_blocks > size / 2)
+ n_sb_blocks_tmp = ffio_read_varlen(pb);
+ if (n_sb_blocks_tmp > size / 2)
goto error;
- viv->sb_blocks = av_calloc(viv->n_sb_blocks, sizeof(VIV_SB_block));
+ viv->sb_blocks = av_calloc(n_sb_blocks_tmp, sizeof(*viv->sb_blocks));
if (!viv->sb_blocks) {
- viv->n_sb_blocks = 0;
return AVERROR(ENOMEM);
}
+ viv->n_sb_blocks = n_sb_blocks_tmp;
off = 0;
poff = 0;
--
2.20.1
More information about the ffmpeg-devel
mailing list