Module: libav Branch: release/11 Commit: 43dff2ef1ef66de010eda4f6c44e78ab031a0769
Author: Martin Storsjö <[email protected]> Committer: Sean McGovern <[email protected]> Date: Thu Dec 15 10:24:20 2016 +0200 http: Check for negative chunk sizes A negative chunk size is illegal and would end up used as length for memcpy, where it would lead to memory accesses out of bounds. Found-by: Paul Cher <[email protected]> CC: [email protected] Signed-off-by: Martin Storsjö <[email protected]> (cherry picked from commit 131644677970a3c4a0096270ea2a5b5d437c2e63) Signed-off-by: Sean McGovern <[email protected]> --- libavformat/http.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavformat/http.c b/libavformat/http.c index f82002c..06ab599 100644 --- a/libavformat/http.c +++ b/libavformat/http.c @@ -777,8 +777,9 @@ static int http_read_stream(URLContext *h, uint8_t *buf, int size) av_dlog(NULL, "Chunked encoding data size: %"PRId64"'\n", s->chunksize); - - if (!s->chunksize) + if (s->chunksize < 0) + return AVERROR_INVALIDDATA; + else if (!s->chunksize) return 0; break; } _______________________________________________ libav-commits mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-commits
