---
libavcodec/internal.h | 2 ++
libavcodec/utils.c | 3 +++
libavformat/utils.c | 4 +++-
3 files changed, 8 insertions(+), 1 deletions(-)
diff --git a/libavcodec/internal.h b/libavcodec/internal.h
index b5a0454..0fab902 100644
--- a/libavcodec/internal.h
+++ b/libavcodec/internal.h
@@ -94,4 +94,6 @@ unsigned int avpriv_toupper4(unsigned int x);
int avpriv_lock_avformat(void);
int avpriv_unlock_avformat(void);
+#define FF_MAX_EXTRADATA_SIZE ((1 << 28) - FF_INPUT_BUFFER_PADDING_SIZE)
+
#endif /* AVCODEC_INTERNAL_H */
diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index 2bc1dcf..6f4d7e6 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -610,6 +610,9 @@ int attribute_align_arg avcodec_open2(AVCodecContext
*avctx, AVCodec *codec, AVD
int ret = 0;
AVDictionary *tmp = NULL;
+ if (avctx->extradata_size < 0 || avctx->extradata_size >=
FF_MAX_EXTRADATA_SIZE)
+ return AVERROR(EINVAL);
+
if (options)
av_dict_copy(&tmp, *options, 0);
diff --git a/libavformat/utils.c b/libavformat/utils.c
index a796658..373f068 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -2442,9 +2442,11 @@ int avformat_find_stream_info(AVFormatContext *ic,
AVDictionary **options)
}
if(st->parser && st->parser->parser->split && !st->codec->extradata){
int i= st->parser->parser->split(st->codec, pkt->data, pkt->size);
- if(i){
+ if (i > 0 && i < FF_MAX_EXTRADATA_SIZE) {
st->codec->extradata_size= i;
st->codec->extradata= av_malloc(st->codec->extradata_size +
FF_INPUT_BUFFER_PADDING_SIZE);
+ if (!st->codec->extradata)
+ return AVERROR(ENOMEM);
memcpy(st->codec->extradata, pkt->data,
st->codec->extradata_size);
memset(st->codec->extradata + i, 0,
FF_INPUT_BUFFER_PADDING_SIZE);
}
--
1.7.7.3
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
