subject:"\[FFmpeg\-cvslog\] avformat\/mov\: fix integer overflow in mov_read_udta

[FFmpeg-cvslog] avformat/mov: fix integer overflow in mov_read_udta_string()

2015-03-13 Thread Michael Niedermayer

ffmpeg | branch: release/1.1 | Michael Niedermayer  | Tue Jan 
 6 04:29:10 2015 +0100| [e2e66f2f998242c7a9342df6d68f9a98fda774c9] | committer: 
Michael Niedermayer

avformat/mov: fix integer overflow in mov_read_udta_string()

Found-by: Paul Mehta 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 3859868c75313e318ebc5d0d33baada62d45dd75)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e2e66f2f998242c7a9342df6d68f9a98fda774c9
---

 libavformat/mov.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index dd5352e..df3dc39 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -388,7 +388,7 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext 
*pb, MOVAtom atom)
 
 if (!key)
 return 0;
-if (atom.size < 0)
+if (atom.size < 0 || str_size >= INT_MAX/2)
 return AVERROR_INVALIDDATA;
 
 str_size = FFMIN3(sizeof(str)-1, str_size, atom.size);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avformat/mov: fix integer overflow in mov_read_udta_string()

2015-03-12 Thread Michael Niedermayer

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Tue 
Jan  6 04:29:10 2015 +0100| [766c1cbeb4a10589f9a31370dcc38cf788b92e8b] | 
committer: Michael Niedermayer

avformat/mov: fix integer overflow in mov_read_udta_string()

Found-by: Paul Mehta 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 3859868c75313e318ebc5d0d33baada62d45dd75)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=766c1cbeb4a10589f9a31370dcc38cf788b92e8b
---

 libavformat/mov.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 5fbd621..3fcfa79 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -245,7 +245,7 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext 
*pb, MOVAtom atom)
 
 if (!key)
 return 0;
-if (atom.size < 0)
+if (atom.size < 0 || str_size >= INT_MAX/2)
 return AVERROR_INVALIDDATA;
 
 str_size = FFMIN3(sizeof(str)-1, str_size, atom.size);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avformat/mov: fix integer overflow in mov_read_udta_string()

2015-02-04 Thread Michael Niedermayer

ffmpeg | branch: release/1.2 | Michael Niedermayer  | Tue Jan 
 6 04:29:10 2015 +0100| [b6351f9978a4188dfc5213a863b8c08308f6fec8] | committer: 
Michael Niedermayer

avformat/mov: fix integer overflow in mov_read_udta_string()

Found-by: Paul Mehta 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 3859868c75313e318ebc5d0d33baada62d45dd75)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b6351f9978a4188dfc5213a863b8c08308f6fec8
---

 libavformat/mov.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 03a36a8..b6449f3 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -388,7 +388,7 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext 
*pb, MOVAtom atom)
 
 if (!key)
 return 0;
-if (atom.size < 0)
+if (atom.size < 0 || str_size >= INT_MAX/2)
 return AVERROR_INVALIDDATA;
 
 str_size = FFMIN3(sizeof(str)-1, str_size, atom.size);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avformat/mov: fix integer overflow in mov_read_udta_string()

2015-01-19 Thread Michael Niedermayer

ffmpeg | branch: release/2.2 | Michael Niedermayer  | Tue Jan 
 6 04:29:10 2015 +0100| [20a03d5c93237341e15e5279fa9190a2f79bc75f] | committer: 
Michael Niedermayer

avformat/mov: fix integer overflow in mov_read_udta_string()

Found-by: Paul Mehta 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 3859868c75313e318ebc5d0d33baada62d45dd75)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=20a03d5c93237341e15e5279fa9190a2f79bc75f
---

 libavformat/mov.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 0d4017b..027becf 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -386,7 +386,7 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext 
*pb, MOVAtom atom)
 
 if (!key)
 return 0;
-if (atom.size < 0)
+if (atom.size < 0 || str_size >= INT_MAX/2)
 return AVERROR_INVALIDDATA;
 
 str_size = FFMIN3(sizeof(str)-1, str_size, atom.size);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avformat/mov: fix integer overflow in mov_read_udta_string()

2015-01-13 Thread Michael Niedermayer

ffmpeg | branch: release/2.4 | Michael Niedermayer  | Tue Jan 
 6 04:29:10 2015 +0100| [0787163cf369f114862bc7402b8410ff32bdef37] | committer: 
Michael Niedermayer

avformat/mov: fix integer overflow in mov_read_udta_string()

Found-by: Paul Mehta 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 3859868c75313e318ebc5d0d33baada62d45dd75)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0787163cf369f114862bc7402b8410ff32bdef37
---

 libavformat/mov.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index f78680a..98eb5cc 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -358,7 +358,7 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext 
*pb, MOVAtom atom)
 
 if (!key)
 return 0;
-if (atom.size < 0)
+if (atom.size < 0 || str_size >= INT_MAX/2)
 return AVERROR_INVALIDDATA;
 
 str_size = FFMIN3(sizeof(str)-1, str_size, atom.size);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avformat/mov: fix integer overflow in mov_read_udta_string()

2015-01-09 Thread Michael Niedermayer

ffmpeg | branch: release/2.5 | Michael Niedermayer  | Tue Jan 
 6 04:29:10 2015 +0100| [25312a427bda360a98c6a38be7af9e5f686c9902] | committer: 
Michael Niedermayer

avformat/mov: fix integer overflow in mov_read_udta_string()

Found-by: Paul Mehta 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 3859868c75313e318ebc5d0d33baada62d45dd75)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=25312a427bda360a98c6a38be7af9e5f686c9902
---

 libavformat/mov.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 3a93897..11fdcf0 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -355,7 +355,7 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext 
*pb, MOVAtom atom)
 
 if (!key)
 return 0;
-if (atom.size < 0)
+if (atom.size < 0 || str_size >= INT_MAX/2)
 return AVERROR_INVALIDDATA;
 
 str_size_alloc = str_size << 1; // worst-case requirement for output 
string in case of utf8 coded input

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avformat/mov: fix integer overflow in mov_read_udta_string()

2015-01-06 Thread Michael Niedermayer

ffmpeg | branch: release/2.3 | Michael Niedermayer  | Tue Jan 
 6 04:29:10 2015 +0100| [ffe915b6f596de5fc54eabf631b7b9b1a19aaa63] | committer: 
Michael Niedermayer

avformat/mov: fix integer overflow in mov_read_udta_string()

Found-by: Paul Mehta 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 3859868c75313e318ebc5d0d33baada62d45dd75)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ffe915b6f596de5fc54eabf631b7b9b1a19aaa63
---

 libavformat/mov.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 3711d29..d7e5669 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -359,7 +359,7 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext 
*pb, MOVAtom atom)
 
 if (!key)
 return 0;
-if (atom.size < 0)
+if (atom.size < 0 || str_size >= INT_MAX/2)
 return AVERROR_INVALIDDATA;
 
 str_size = FFMIN3(sizeof(str)-1, str_size, atom.size);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avformat/mov: fix integer overflow in mov_read_udta_string()

2015-01-05 Thread Michael Niedermayer

ffmpeg | branch: master | Michael Niedermayer  | Tue Jan  6 
04:29:10 2015 +0100| [3859868c75313e318ebc5d0d33baada62d45dd75] | committer: 
Michael Niedermayer

avformat/mov: fix integer overflow in mov_read_udta_string()

Found-by: Paul Mehta 
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3859868c75313e318ebc5d0d33baada62d45dd75
---

 libavformat/mov.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index ba79378..f2a66b8 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -375,7 +375,7 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext 
*pb, MOVAtom atom)
 
 if (!key)
 return 0;
-if (atom.size < 0)
+if (atom.size < 0 || str_size >= INT_MAX/2)
 return AVERROR_INVALIDDATA;
 
 // worst-case requirement for output string in case of utf8 coded input

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avformat/mov: fix integer overflow in mov_read_udta_string()

[FFmpeg-cvslog] avformat/mov: fix integer overflow in mov_read_udta_string()

[FFmpeg-cvslog] avformat/mov: fix integer overflow in mov_read_udta_string()

[FFmpeg-cvslog] avformat/mov: fix integer overflow in mov_read_udta_string()

[FFmpeg-cvslog] avformat/mov: fix integer overflow in mov_read_udta_string()

[FFmpeg-cvslog] avformat/mov: fix integer overflow in mov_read_udta_string()

[FFmpeg-cvslog] avformat/mov: fix integer overflow in mov_read_udta_string()

[FFmpeg-cvslog] avformat/mov: fix integer overflow in mov_read_udta_string()

8 matches

Site Navigation

Mail list logo

Footer information