Chiebot-Mirror
/
FFmpeg
mirror of https://github.com/FFmpeg/FFmpeg.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

avformat/icodec: fix integer overflow with nb_pal

Browse Source 
Fixes: runtime error: signed integer overflow
Fixes: 42536949/clusterfuzz-testcase-minimized-fuzzer_loadfile-6199846684393472
Found-by: ossfuzz
Reported-by: Kacper Michajlow
Tested-by: Kacper Michajlow
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
pull/391/head
Michael Niedermayer 3 months ago
parent 40bd6d8355
commit 84569b6c22
No known key found for this signature in database
GPG Key ID: B18E8928B3948D64
1 changed files with 1 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      libavformat/icodec.c

2
libavformat/icodec.c
Unescape View File

@ -198,7 +198,7 @@ static int read_packet(AVFormatContext *s, AVPacket *pkt)
AV_WL32(buf + 32, image->nb_pal); AV_WL32(buf + 32, image->nb_pal);
} }
if (image->nb_pal > INT_MAX / 4 - 14 - 40) if (image->nb_pal > INT_MAX / 4 - 14 - 40U)
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
AV_WL32(buf - 4, 14 + 40 + image->nb_pal * 4); AV_WL32(buf - 4, 14 + 40 + image->nb_pal * 4);

Write Preview
Loading…
Cancel
Save