[SCM] libav/experimental: Check unp_size for possible overflows too
siretart at users.alioth.debian.org
siretart at users.alioth.debian.org
Sun Jun 30 16:07:07 UTC 2013
The following commit has been merged in the experimental branch:
commit f0dd9d4505675daa0f4fda6fcf4274416a23bf24
Author: Kostya Shishkov <kostya.shishkov at gmail.com>
Date: Fri Sep 14 06:01:29 2007 +0000
Check unp_size for possible overflows too
Originally committed as revision 10490 to svn://svn.ffmpeg.org/ffmpeg/trunk
diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c
index e185f4d..614f301 100644
--- a/libavcodec/smacker.c
+++ b/libavcodec/smacker.c
@@ -590,7 +590,7 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
}
stereo = get_bits1(&gb);
bits = get_bits1(&gb);
- if ((unp_size << !bits) > *data_size) {
+ if (unp_size & 0xC0000000 || (unp_size << !bits) > *data_size) {
av_log(avctx, AV_LOG_ERROR, "Frame is too large to fit in buffer\n");
return -1;
}
--
Libav/FFmpeg packaging
More information about the pkg-multimedia-commits
mailing list