[SCM] libav/experimental: protect malloc overflow
siretart at users.alioth.debian.org
siretart at users.alioth.debian.org
Sun Jun 30 16:15:35 UTC 2013
The following commit has been merged in the experimental branch:
commit 852859ff7cd29a926a9a7e811d77192b61a6956e
Author: Baptiste Coudurier <baptiste.coudurier at gmail.com>
Date: Mon Feb 25 12:45:59 2008 +0000
protect malloc overflow
Originally committed as revision 12208 to svn://svn.ffmpeg.org/ffmpeg/trunk
diff --git a/libavformat/mov.c b/libavformat/mov.c
index b03c44c..f5a7bbf 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -291,6 +291,8 @@ static int mov_read_esds(MOVContext *c, ByteIOContext *pb, MOV_atom_t atom)
len = mp4_read_descr(c, pb, &tag);
if (tag == MP4DecSpecificDescrTag) {
dprintf(c->fc, "Specific MPEG4 header len=%d\n", len);
+ if((uint64_t)len > (1<<30))
+ return -1;
st->codec->extradata = av_mallocz(len + FF_INPUT_BUFFER_PADDING_SIZE);
if (!st->codec->extradata)
return AVERROR(ENOMEM);
--
Libav/FFmpeg packaging
More information about the pkg-multimedia-commits
mailing list