Chiebot-Mirror
/
FFmpeg
mirror of https://github.com/FFmpeg/FFmpeg.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

rtpdec_asf: Fix integer underflow that could allow remote code execution

Browse Source 
Fixes MSVR-11-0088.
Credit:  Jeong Wook Oh of Microsoft and Microsoft Vulnerability Research (MSVR)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Martin Storsjö <martin@martin.st>
pull/2/head
Michael Niedermayer 13 years ago committed by Martin Storsjö
parent 0ca36b4de7
commit 5ea091fb5a
1 changed files with 7 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 8
      libavformat/rtpdec_asf.c

8
libavformat/rtpdec_asf.c
Unescape View File

@ -233,8 +233,14 @@ static int asfrtp_parse_packet(AVFormatContext *s, PayloadContext *asf,
int cur_len = start_off + len_off - off;
int prev_len = out_len;
void *newmem;
out_len += cur_len;
asf->buf = av_realloc(asf->buf, out_len);
if (FFMIN(cur_len, len - off) < 0)
return -1;
newmem = av_realloc(asf->buf, out_len);
if (!newmem)
return -1;
asf->buf = newmem;
memcpy(asf->buf + prev_len, buf + off,
FFMIN(cur_len, len - off));
avio_skip(pb, cur_len);

Write Preview
Loading…
Cancel
Save