On Sun, Aug 10, 2014 at 12:01 PM, Mark Reid <mindm...@gmail.com> wrote: > --- > libavformat/movenc.c | 14 +++++++++++--- > 1 file changed, 11 insertions(+), 3 deletions(-) > > diff --git a/libavformat/movenc.c b/libavformat/movenc.c > index 6a38e89..85fb2e8 100644 > --- a/libavformat/movenc.c > +++ b/libavformat/movenc.c > @@ -1340,13 +1340,21 @@ static int mov_write_rtp_tag(AVIOContext *pb, > MOVTrack *track) > return update_size(pb, pos); > } > > -static int mov_write_source_reference_tag(AVIOContext *pb, MOVTrack *track, > const char *reel_name){ > +static int mov_write_source_reference_tag(AVIOContext *pb, MOVTrack *track, > const char *reel_name) > +{ > + uint64_t str_size =strlen(reel_name); > + if (str_size >= UINT16_MAX){
> + av_log(NULL, AV_LOG_ERROR, "reel_name length %llu is too large\n", > str_size); Shouldn't llu be PRIu64? > + avio_wb16(pb, 0); > + return AVERROR(EINVAL); > + } > + > int64_t pos = avio_tell(pb); > avio_wb32(pb, 0); /* size */ > ffio_wfourcc(pb, "name"); /* Data format */ > - avio_wb16(pb, strlen(reel_name)); /* string size */ > + avio_wb16(pb, str_size); /* string size */ > avio_wb16(pb, track->language); /* langcode */ > - avio_write(pb, reel_name, strlen(reel_name)); /* reel name */ > + avio_write(pb, reel_name, str_size); /* reel name */ > return update_size(pb,pos); > } > > -- > 2.0.0 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel