On Tue, 3 Sep 2013 11:59:00 +0300, Martin Storsjö <[email protected]> wrote: > Otherwise buffer size calculations in allocate_buffers could > overflow later, making the code think a large enough buffer > actually was allocated. > > Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind > CC: [email protected] > --- > libavcodec/alac.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/libavcodec/alac.c b/libavcodec/alac.c > index 9ef0653..d643dd3 100644 > --- a/libavcodec/alac.c > +++ b/libavcodec/alac.c > @@ -494,7 +494,8 @@ static int alac_set_info(ALACContext *alac) > bytestream2_skipu(&gb, 12); // size:4, alac:4, version:4 > > alac->max_samples_per_frame = bytestream2_get_be32u(&gb); > - if (!alac->max_samples_per_frame || alac->max_samples_per_frame > > INT_MAX) { > + if (!alac->max_samples_per_frame || > + alac->max_samples_per_frame > INT_MAX / sizeof(int32_t)) { > av_log(alac->avctx, AV_LOG_ERROR, "max samples per frame invalid: > %u\n", > alac->max_samples_per_frame); > return AVERROR_INVALIDDATA; > -- > 1.7.9.4 >
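Review bot: The new upper bound in alac_set_info, INT_MAX / sizeof(int32_t), hard-codes an assumption about the element size that allocate_buffers multiplies by, and nothing at the check says so. allocate_buffers is not part of this hunk, so a reader cannot confirm from here that every size computation there uses at most sizeof(int32_t) per sample with no extra padding added. If any of them uses a larger multiplier or adds to the product, the overflow described in the commit message is still reachable. Suggest a one-line comment at the check naming the computation it protects, or performing the overflow check beside the size calculation in allocate_buffers so the limit and the multiplication cannot drift apart.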
Looks ok

--
Anton Khirnov
