Module: libav
Branch: master
Commit: 24130234cd9dd733116d17b724ea4c8e12ce097a

Author:    Luca Barbato <lu_z...@gentoo.org>
Committer: Luca Barbato <lu_z...@gentoo.org>
Date:      Fri Aug 19 18:35:33 2016 +0200

rtpdec_mpeg4: validate fmtp fields

---

 libavformat/rtpdec_mpeg4.c |   17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/libavformat/rtpdec_mpeg4.c b/libavformat/rtpdec_mpeg4.c
index d5fea4f..bc50da2 100644
--- a/libavformat/rtpdec_mpeg4.c
+++ b/libavformat/rtpdec_mpeg4.c
@@ -290,11 +290,22 @@ static int parse_fmtp(AVFormatContext *s,
         for (i = 0; attr_names[i].str; ++i) {
             if (!av_strcasecmp(attr, attr_names[i].str)) {
                 if (attr_names[i].type == ATTR_NAME_TYPE_INT) {
+                    int val = atoi(value);
+                    if (val > 32) {
+                        av_log(s, AV_LOG_ERROR,
+                               "The %s field size is invalid (%d).",
+                               attr, val);
+                        return AVERROR_INVALIDDATA;
+                    }
                     *(int *)((char *)data+
-                        attr_names[i].offset) = atoi(value);
-                } else if (attr_names[i].type == ATTR_NAME_TYPE_STR)
+                        attr_names[i].offset) = val;
+                } else if (attr_names[i].type == ATTR_NAME_TYPE_STR) {
+                    char *val = av_strdup(value);
+                    if (!val)
+                        return AVERROR(ENOMEM);
                     *(char **)((char *)data+
-                        attr_names[i].offset) = av_strdup(value);
+                        attr_names[i].offset) = val;
+                }
             }
         }
     }
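Review bot: The added check `if (val > 32)` bounds the value only from above, so a negative number in the fmtp line is still written through `data + attr_names[i].offset`; if these fields are later used as bit widths, as the log message's "field size" suggests, the guard should be `if (val < 0 || val > 32) {`. `atoi()` also reports no parse errors and has undefined behaviour on out-of-range input, so `strtol()` with an `endptr` and `ERANGE` check would be a sturdier way to read a value that comes from the remote peer. The same limit is applied to every `ATTR_NAME_TYPE_INT` entry; the `attr_names` table is outside this hunk, so it is worth confirming that each integer attribute really is a bit width, since otherwise a per-attribute range is needed. The log string is missing a trailing `\n`. `parse_fmtp` begins and ends outside the hunk, so whether strings duplicated earlier are released on the new error returns cannot be judged from here.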
