ffmpeg | branch: release/2.5 | Michael Niedermayer <[email protected]> | Mon May 11 15:37:38 2015 +0200| [699357dd4ea492a83d84baac287cfd363974f8b2] | committer: Michael Niedermayer
avformat/matroskaenc: Check ff_vorbiscomment_length in put_flac_codecpriv() Its currently guaranteed to be smaller but its safer to check anyway Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 66f26b3e8ec075298e7ba329a55893d085bafe96) Signed-off-by: Michael Niedermayer <[email protected]> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=699357dd4ea492a83d84baac287cfd363974f8b2 --- libavformat/matroskaenc.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavformat/matroskaenc.c b/libavformat/matroskaenc.c index e8e8da0..fe81e11 100644 --- a/libavformat/matroskaenc.c +++ b/libavformat/matroskaenc.c @@ -543,12 +543,15 @@ static int put_flac_codecpriv(AVFormatContext *s, "Lavf" : LIBAVFORMAT_IDENT; AVDictionary *dict = NULL; uint8_t buf[32], *data, *p; - int len; + int64_t len; snprintf(buf, sizeof(buf), "0x%"PRIx64, codec->channel_layout); av_dict_set(&dict, "WAVEFORMATEXTENSIBLE_CHANNEL_MASK", buf, 0); len = ff_vorbiscomment_length(dict, vendor); + if (len >= ((1<<24) - 4)) + return AVERROR(EINVAL); + data = av_malloc(len + 4); if (!data) { av_dict_free(&dict); _______________________________________________ ffmpeg-cvslog mailing list [email protected] http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
