On 4/23/2021 10:09 AM, Gyan Doshi wrote:
On 2021-04-23 18:22, James Almer wrote:
Should fix ticket #9196
Signed-off-by: James Almer <jamr...@gmail.com>
---
libavfilter/af_adelay.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/libavfilter/af_adelay.c b/libavfilter/af_adelay.c
index 6ac81c2a3e..1229bf5bc7 100644
--- a/libavfilter/af_adelay.c
+++ b/libavfilter/af_adelay.c
@@ -28,9 +28,9 @@
#include "internal.h"
typedef struct ChanDelay {
- int delay;
- unsigned delay_index;
- unsigned index;
+ int64_t delay;
+ size_t delay_index;
+ size_t index;
uint8_t *samples;
} ChanDelay;
@@ -152,7 +152,7 @@ static int config_input(AVFilterLink *inlink)
p = NULL;
- ret = av_sscanf(arg, "%d%c", &d->delay, &type);
+ ret = av_sscanf(arg, "%"SCNd64"%c", &d->delay, &type);
if (ret != 2 || type != 'S') {
div = type == 's' ? 1.0 : 1000.0;
if (av_sscanf(arg, "%f", &delay) != 1) {
@@ -194,6 +194,9 @@ static int config_input(AVFilterLink *inlink)
if (!d->delay)
continue;
+ if (d->delay > SIZE_MAX)
+ return AVERROR(ENOMEM);
If this can occur due to user input, it should be reported back to the
user.
It could even before this patch, as you can see in the existing
av_malloc_array() check below, but sure, i can print an av_log() error.
+
d->samples = av_malloc_array(d->delay, s->block_align);
if (!d->samples)
return AVERROR(ENOMEM);
Regards,
Gyan
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".