MrBesen/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

avcodec/movtextenc: Check for too many styles

Browse Source 
The counter for the number of styles is written on two bytes, ergo
anything > UINT16_MAX is invalid. This also fixes a compiler warning
because of a tautologically true check on 64bit systems.

Reviewed-by: Philip Langdale <philipl@overt.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
This commit is contained in:
Andreas Rheinhardt 2021-02-20 23:42:04 +01:00
parent 78d5e1c653
commit 1c9e53d70b
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/movtextenc.c
View File

@ -355,7 +355,7 @@ static int mov_text_style_start(MovTextContext *s)
StyleBox *tmp;
// last style != defaults, end the style entry and start a new one
if (s->count + 1 > SIZE_MAX / sizeof(*s->style_attributes) ||
if (s->count + 1 > FFMIN(SIZE_MAX / sizeof(*s->style_attributes), UINT16_MAX) ||
!(tmp = av_fast_realloc(s->style_attributes,
&s->style_attributes_bytes_allocated,
(s->count + 1) * sizeof(*s->style_attributes)))) {