On 2/4/12, Justin Ruggles <[email protected]> wrote: > --- > i had a typo in the last patch. > > libavformat/ape.c | 8 ++++++++ > 1 files changed, 8 insertions(+), 0 deletions(-) > > diff --git a/libavformat/ape.c b/libavformat/ape.c > index 972b7a3..e54c4eb 100644 > --- a/libavformat/ape.c > +++ b/libavformat/ape.c > @@ -379,6 +379,14 @@ static int ape_read_packet(AVFormatContext * s, > AVPacket * pkt) > else > nblocks = ape->blocksperframe; > > + if (ape->frames[ape->currentframe].size <= 0 || > + ape->frames[ape->currentframe].size > INT_MAX - extra_size) { > + av_log(s, AV_LOG_ERROR, "invalid packet size: %d\n", > + ape->frames[ape->currentframe].size); > + ape->currentframe++; > + return AVERROR(EIO); > + } > + > if (av_new_packet(pkt, ape->frames[ape->currentframe].size + > extra_size) < 0) > return AVERROR(ENOMEM); >
lgtm _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
