Re: [FFmpeg-devel] [PATCH] Fix potential integer overflow in mov_read_keys

2016-09-08 Thread Michael Niedermayer
On Wed, Sep 07, 2016 at 02:38:48PM -0700, Sergey Volk wrote:
> I just realized that count+1 itself might overflow if count==UINT_MAX, so I
> guess it's better to subtract 1 from the right-hand side. Attached updated
> patch.
>
> On Wed, Sep 7, 2016 at 2:21 PM, Sergey Volk

Re: [FFmpeg-devel] [PATCH] Fix potential integer overflow in mov_read_keys

2016-09-07 Thread Sergey Volk
I just realized that count+1 itself might overflow if count==UINT_MAX, so I guess it's better to subtract 1 from the right-hand side. Attached updated patch.

On Wed, Sep 7, 2016 at 2:21 PM, Sergey Volk wrote:
> Actual allocation size is computed as (count +

[FFmpeg-devel] [PATCH] Fix potential integer overflow in mov_read_keys

2016-09-07 Thread Sergey Volk
Actual allocation size is computed as (count + 1)*sizeof(meta_keys), so we need to check that (count + 1) won't cause overflow.

From cfc0f5a099284c95476d5c020dca05fb743ff5ae Mon Sep 17 00:00:00 2001
From: Sergey Volk
Date: Wed, 7 Sep 2016 14:05:35 -0700
Subject: [PATCH] Fix
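
The two forms of the bound check discussed in this thread, as an added C illustration that is not the code from the attached patch. ELEM_SIZE (standing in for sizeof(meta_keys)), the function names, and the use of explicit 32-bit arithmetic are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed element size; stands in for sizeof(meta_keys). */
#define ELEM_SIZE 8u

/* Allocation size as described in the thread, modelled in 32-bit arithmetic. */
static uint32_t alloc_size(uint32_t count)
{
    return (uint32_t)(count + 1u) * ELEM_SIZE;
}

/* First form: compare count + 1 against the limit. The addition itself
 * wraps to 0 when count == UINT32_MAX, so that value is accepted.
 * Returns 1 if count is accepted, 0 if rejected. */
static int accept_add_left(uint32_t count)
{
    return !((uint32_t)(count + 1u) > UINT32_MAX / ELEM_SIZE);
}

/* Revised form: subtract 1 on the right-hand side. The right side is a
 * constant that cannot wrap, and count is compared unmodified. */
static int accept_sub_right(uint32_t count)
{
    return !(count > UINT32_MAX / ELEM_SIZE - 1u);
}

int main(void)
{
    /* Constructed sample values around the boundary. */
    const uint32_t samples[] = {
        0u, 100u,
        UINT32_MAX / ELEM_SIZE - 1u,  /* largest count that is safe */
        UINT32_MAX / ELEM_SIZE,       /* (count + 1) * ELEM_SIZE wraps */
        UINT32_MAX                    /* count + 1 wraps to 0 */
    };
    printf("%10s  %9s  %9s  %10s\n", "count", "add-left", "sub-right", "alloc_size");
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t c = samples[i];
        printf("%10u  %9s  %9s  %10u\n", (unsigned)c,
               accept_add_left(c) ? "accept" : "reject",
               accept_sub_right(c) ? "accept" : "reject",
               (unsigned)alloc_size(c));
    }
    return 0;
}
```

With count == UINT32_MAX the first form accepts the value while the computed allocation size is 0; the revised form rejects it.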