sön 2022-03-20 klockan 15:06 +0100 skrev Michael Niedermayer: > On Sun, Mar 20, 2022 at 02:05:41PM +0100, Tomas Härdin wrote: > > lör 2022-03-19 klockan 23:50 +0100 skrev Michael Niedermayer: > [...] > > > > > > > > > > > > > > > + > > > > > + //avio_read() used int > > > > > + if (c > INT_MAX / sizeof(UID)) > > > > > + return AVERROR_PATCHWELCOME; > > > > > + *count = c; > > > > > + > > > > > > > > This should already be caught by av_calloc(), no? > > > > > > the API as in the documentation of av_calloc() does not gurantee > > > this. > > > > Yes it does: > > > > The allocated memory will have size `size * nmemb` bytes. > > [...] > > `NULL` if the block cannot be allocated > > void *av_calloc(size_t nmemb, size_t size) > size_t can be larger than int, so size * nmemb may be larger than > INT_MAX
Crap, you're right. This also brings to mind the question why packages_count etc are int rather than unsigned or uint32_t.. Patch is OK then /Tomas _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".