On Wed, Aug 22, 2012 at 11:36:23AM -0400, Justin Ruggles wrote:
> On 08/04/2012 02:33 PM, Justin Ruggles wrote:
> > chunk_size is unsigned 32-bit, but av_get_packet() takes a signed int as the
> > packet size.
> > ---
> >  libavformat/idcin.c |    4 ++++
> >  1 files changed, 4 insertions(+), 0 deletions(-)
> > 
> > diff --git a/libavformat/idcin.c b/libavformat/idcin.c
> > index 74875cb..8cd86d1 100644
> > --- a/libavformat/idcin.c
> > +++ b/libavformat/idcin.c
> > @@ -278,6 +278,10 @@ static int idcin_read_packet(AVFormatContext *s,
> >          }
> >  
> >          chunk_size = avio_rl32(pb);
> > +        if (chunk_size < 4 || chunk_size > INT_MAX - 4) {
> > +            av_log(s, AV_LOG_ERROR, "invalid chunk size: %u\n", 
> > chunk_size);
> > +            return AVERROR_INVALIDDATA;
> > +        }
> >          /* skip the number of decoded bytes (always equal to width * 
> > height) */
> >          avio_skip(pb, 4);
> >          chunk_size -= 4;
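Review bot: The upper bound `chunk_size > INT_MAX - 4` in the added check has no comment explaining the 4-byte margin. Because `chunk_size -= 4` follows, the value passed on is already at most INT_MAX - 8, so a short comment stating what the margin protects (or a plain `> INT_MAX` test if no margin is needed) would make the intent clear. The lower bound also lets `chunk_size == 4` through, which leaves 0 after the subtraction; confirm that a zero-length packet read is acceptable here, or reject `chunk_size <= 4`. If idcin.c does not already include `<limits.h>`, `INT_MAX` needs it.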
> 
> ping.

LGTM
_______________________________________________
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel
