Xi Wang 4e692374f7 rtmp: fix buffer overflows in ff_amf_tag_contents() ...

A negative `size' will bypass FFMIN().  In the subsequent memcpy() call,
`size' will be considered as a large positive value, leading to a buffer
overflow.

Change the type of `size' to unsigned int to avoid buffer overflow, and
simplify overflow checks accordingly.

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

2013-01-23 05:29:59 +01:00

16 KiB

Raw Blame History

View Raw