ffmpeg | branch: release/2.8 | Paul B Mahol <one...@gmail.com> | Wed Sep 23 19:07:48 2015 +0200| [40ebeee3fc3516ede3709427e3b23c13a8a045fa] | committer: Andreas Cadhalpun
avformat/brstm: fix overflow Signed-off-by: Paul B Mahol <one...@gmail.com> (cherry picked from commit 3441fef0f8bfcdfbad69b49b7fc526fcdb2185cd) Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=40ebeee3fc3516ede3709427e3b23c13a8a045fa --- libavformat/brstm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/brstm.c b/libavformat/brstm.c index 7ad40b0..6eae9d9 100644 --- a/libavformat/brstm.c +++ b/libavformat/brstm.c @@ -389,6 +389,10 @@ static int read_packet(AVFormatContext *s, AVPacket *pkt) codec->codec_id == AV_CODEC_ID_ADPCM_THP_LE) { uint8_t *dst; + if (size > (INT_MAX - 32 - 4) || + (32 + 4 + size) > (INT_MAX / codec->channels) || + (32 + 4 + size) * codec->channels > INT_MAX - 8) + return AVERROR_INVALIDDATA; if (av_new_packet(pkt, 8 + (32 + 4 + size) * codec->channels) < 0) return AVERROR(ENOMEM); dst = pkt->data; _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
