highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

rtp: Fix integer underflow that could allow remote code execution.

Browse Source 
Fixes MSVR-11-0088
Credit:  Jeong Wook Oh of Microsoft and Microsoft Vulnerability Research (MSVR)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ba9a7e0d71bd34f8b89ae99322b62a310be163a6)
This commit is contained in:
Michael Niedermayer 2011-09-07 14:12:42 +02:00
parent b6187e48db
commit c2a2ad133e
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavformat/rtpdec_asf.c
View File

@ -235,6 +235,8 @@ static int asfrtp_parse_packet(AVFormatContext *s, PayloadContext *asf,
int prev_len = out_len;
out_len += cur_len;
asf->buf = av_realloc(asf->buf, out_len);
if(!asf->buf || FFMIN(cur_len, len - off)<0)
return -1;
memcpy(asf->buf + prev_len, buf + off,
FFMIN(cur_len, len - off));
avio_skip(pb, cur_len);