highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

flvdec: Check for overflow before allocating arrays

Browse Source 
On allocation, the array length is multiplied by sizeof(int64_t),
this prevents the multiplication from overflowing.

Signed-off-by: Martin Storsjö <martin@martin.st>
This commit is contained in:
Michael Niedermayer
2011-09-24 18:57:31 +03:00
committed by Martin Storsjö
parent 9b921a8272
commit a246cefa75
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
libavformat/flvdec.c
View File

@ -161,6 +161,9 @@ static int parse_keyframes_index(AVFormatContext *s, AVIOContext *ioc, AVStream
break; break;
arraylen = avio_rb32(ioc); arraylen = avio_rb32(ioc);
if (arraylen >> 28)
break;
/* /*
* Expect only 'times' or 'filepositions' sub-arrays in other case refuse to use such metadata * Expect only 'times' or 'filepositions' sub-arrays in other case refuse to use such metadata
* for indexing * for indexing