On Sun, Jul 13, 2014 at 11:04:35AM +0200, Katerina Barone-Adesi wrote: > >> --- a/libavformat/apetag.c > >> +++ b/libavformat/apetag.c > >> @@ -57,8 +57,8 @@ static int ape_tag_read_field(AVFormatContext *s) > >> av_log(s, AV_LOG_WARNING, "Invalid APE tag key '%s'.\n", key); > >> return -1; > >> } > >> - if (size >= UINT_MAX) > >> - return -1; > >> + if (size > (unsigned) INT32_MAX - FFMAX(1, > >> FF_INPUT_BUFFER_PADDING_SIZE)) > >> + return AVERROR_INVALIDDATA;
You can safely assume that FF_INPUT_BUFFER_PADDING_SIZE is greater than 1. Diego _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
