Chiebot-Mirror
/
FFmpeg
mirror of https://github.com/FFmpeg/FFmpeg.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

avformat/mov: Fix potential integer overflow in mov_read_keys

Browse Source 
Actual allocation size is computed as (count + 1)*sizeof(meta_keys), so
we need to check that (count + 1) won't cause overflow.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
pull/232/head
Sergey Volk 8 years ago committed by Michael Niedermayer
parent 26a19f8e92
commit 347cb14b7c
1 changed files with 1 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      libavformat/mov.c

2
libavformat/mov.c
Unescape View File

@ -3278,7 +3278,7 @@ static int mov_read_keys(MOVContext *c, AVIOContext *pb, MOVAtom atom)
avio_skip(pb, 4);
count = avio_rb32(pb);
if (count > UINT_MAX / sizeof(*c->meta_keys)) {
if (count > UINT_MAX / sizeof(*c->meta_keys) - 1) {
av_log(c->fc, AV_LOG_ERROR,
"The 'keys' atom with the invalid key count: %d\n", count);
return AVERROR_INVALIDDATA;

Write Preview
Loading…
Cancel
Save