[FFmpeg-devel] [PATCH 7/8] avformat/aviobuf: Check for overflow in ffio_read_varlen()
Andreas Rheinhardt
andreas.rheinhardt at gmail.com
Mon Dec 21 13:30:48 EET 2020
Michael Niedermayer:
> No testcase
>
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> libavformat/aviobuf.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c
> index 78cc60b2ae..7730547106 100644
> --- a/libavformat/aviobuf.c
> +++ b/libavformat/aviobuf.c
> @@ -917,6 +917,8 @@ uint64_t ffio_read_varlen(AVIOContext *bc){
>
> do{
> tmp = avio_r8(bc);
> + if (val > UINT64_MAX>>7)
> + return AVERROR_INVALIDDATA;
> val= (val<<7) + (tmp&127);
> }while(tmp&128);
> return val;
>
The error can't be detected at all given that the function returns an
uint64_t.
- Andreas
More information about the ffmpeg-devel
mailing list