Chiebot-Mirror
/
FFmpeg
mirror of https://github.com/FFmpeg/FFmpeg.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

jvdec: avoid unsigned overflow in comparison

Browse Source 
The return type of strlen is size_t, i.e. unsigned, so if pd->buf_size
is 3, the right side overflows leading to a wrong result of the
comparison and subsequently a heap buffer overflow.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
pull/160/head
Andreas Cadhalpun 9 years ago
parent 7f7fa90f7b
commit db374790c7
1 changed files with 1 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      libavformat/jvdec.c

2
libavformat/jvdec.c
Unescape View File

@ -54,7 +54,7 @@ typedef struct JVDemuxContext {
static int read_probe(AVProbeData *pd) static int read_probe(AVProbeData *pd)
{ {
if (pd->buf[0] == 'J' && pd->buf[1] == 'V' && strlen(MAGIC) <= pd->buf_size - 4 && if (pd->buf[0] == 'J' && pd->buf[1] == 'V' && strlen(MAGIC) + 4 <= pd->buf_size &&
!memcmp(pd->buf + 4, MAGIC, strlen(MAGIC))) !memcmp(pd->buf + 4, MAGIC, strlen(MAGIC)))
return AVPROBE_SCORE_MAX; return AVPROBE_SCORE_MAX;
return 0; return 0;

Write Preview
Loading…
Cancel
Save