ffmpeg | branch: release/3.1 | Michael Niedermayer <mich...@niedermayer.cc> | Fri Oct 21 19:45:21 2016 +0200| [9e6586ceb2f2891730557c7ec8bf5388cc7b0d94] | committer: Michael Niedermayer
avformat/mxfdec: Check size to avoid integer overflow in mxf_read_utf16_string() Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> (cherry picked from commit fecb3e82a4ba09dc11a51ad0961ab491881a53a1) Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9e6586ceb2f2891730557c7ec8bf5388cc7b0d94 --- libavformat/mxfdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index 0affca9..17ffdf5 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -827,7 +827,7 @@ static inline int mxf_read_utf16_string(AVIOContext *pb, int size, char** str, i int ret; size_t buf_size; - if (size < 0) + if (size < 0 || size > INT_MAX/2) return AVERROR(EINVAL); buf_size = size + size / 2 + 1; _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
