ffmpeg | branch: release/2.2 | Michael Niedermayer <michae...@gmx.at> | Tue Jan 6 04:29:10 2015 +0100| [20a03d5c93237341e15e5279fa9190a2f79bc75f] | committer: Michael Niedermayer
avformat/mov: fix integer overflow in mov_read_udta_string() Found-by: Paul Mehta <p...@paulmehta.com> Signed-off-by: Michael Niedermayer <michae...@gmx.at> (cherry picked from commit 3859868c75313e318ebc5d0d33baada62d45dd75) Signed-off-by: Michael Niedermayer <michae...@gmx.at> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=20a03d5c93237341e15e5279fa9190a2f79bc75f --- libavformat/mov.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index 0d4017b..027becf 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -386,7 +386,7 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom) if (!key) return 0; - if (atom.size < 0) + if (atom.size < 0 || str_size >= INT_MAX/2) return AVERROR_INVALIDDATA; str_size = FFMIN3(sizeof(str)-1, str_size, atom.size); _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
