MrBesen/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

avformat/paf: Fix integer overflow and out of array read

Browse Source 
Found-by:  Laurent Butti <laurentb@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2013-08-09 13:23:10 +02:00
parent c9837613ed
commit f58cd2867a
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libavformat/paf.c
View File

@ -233,10 +233,11 @@ static int read_packet(AVFormatContext *s, AVPacket *pkt)
p->current_frame_block++;
}
size = p->video_size - p->frames_offset_table[p->current_frame];
if (size < 1)
if (p->frames_offset_table[p->current_frame] >= p->video_size)
return AVERROR_INVALIDDATA;
size = p->video_size - p->frames_offset_table[p->current_frame];
if (av_new_packet(pkt, size) < 0)
return AVERROR(ENOMEM);