[SCM] libav/experimental: 10l, protect malloc overflow
siretart at users.alioth.debian.org
siretart at users.alioth.debian.org
Sun Jun 30 16:15:34 UTC 2013
The following commit has been merged in the experimental branch:
commit 9c7fd997f794d3180ef4cbde019e4827ff309988
Author: Baptiste Coudurier <baptiste.coudurier at gmail.com>
Date: Mon Feb 25 12:38:37 2008 +0000
10l, protect malloc overflow
Originally committed as revision 12205 to svn://svn.ffmpeg.org/ffmpeg/trunk
diff --git a/libavformat/aiff.c b/libavformat/aiff.c
index 7ff75b6..1685a30 100644
--- a/libavformat/aiff.c
+++ b/libavformat/aiff.c
@@ -368,6 +368,8 @@ static int aiff_read_header(AVFormatContext *s,
url_fskip(pb, size - 8);
break;
case MKTAG('w', 'a', 'v', 'e'):
+ if ((uint64_t)size > (1<<30))
+ return -1;
st->codec->extradata = av_mallocz(size + FF_INPUT_BUFFER_PADDING_SIZE);
if (!st->codec->extradata)
return AVERROR(ENOMEM);
--
Libav/FFmpeg packaging
More information about the pkg-multimedia-commits
mailing list