---
I had a typo in the last patch.

 libavformat/ape.c |    8 ++++++++
 1 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/libavformat/ape.c b/libavformat/ape.c
index 972b7a3..e54c4eb 100644
--- a/libavformat/ape.c
+++ b/libavformat/ape.c
@@ -379,6 +379,14 @@ static int ape_read_packet(AVFormatContext * s, AVPacket * 
pkt)
     else
         nblocks = ape->blocksperframe;
 
+    if (ape->frames[ape->currentframe].size <= 0 ||
+        ape->frames[ape->currentframe].size > INT_MAX - extra_size) {
+        av_log(s, AV_LOG_ERROR, "invalid packet size: %d\n",
+               ape->frames[ape->currentframe].size);
+        ape->currentframe++;
+        return AVERROR(EIO);
+    }
+
     if (av_new_packet(pkt,  ape->frames[ape->currentframe].size + extra_size) 
< 0)
         return AVERROR(ENOMEM);
 
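Review bot: The upper bound `INT_MAX - extra_size` in the added check only keeps the `size + extra_size` argument to `av_new_packet` from overflowing; a frame size just under that limit is still accepted and drives an allocation of nearly 2 GiB. If the size comes from the file's frame table (not visible here), a tighter cap tied to the remaining file length or the expected frame size would reject such values before the allocation. The rejection path would also read better as `return AVERROR_INVALIDDATA;` than `AVERROR(EIO)`, so callers can tell malformed input from a read failure. A one-line comment such as `/* frame size is read from the file; reject values that would overflow the packet allocation */` would record why the check exists. The body of `ape_read_packet` starts and ends outside the hunk, so it is not visible whether `ape->currentframe` is range-checked before it indexes `ape->frames`.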
-- 
1.7.1
