mirror of https://git.ffmpeg.org/ffmpeg.git
flacdec: fix buffer size checking in get_metadata_size()
Adds an additional check before reading the next block header and avoids a potential integer overflow when checking the metadata size against the remaining buffer size.
This commit is contained in:
parent
1430ae44e8
commit
4c5e7b27d5
|
@ -226,9 +226,11 @@ static int get_metadata_size(const uint8_t *buf, int buf_size)
|
||||||
|
|
||||||
buf += 4;
|
buf += 4;
|
||||||
do {
|
do {
|
||||||
|
if (buf_end - buf < 4)
|
||||||
|
return 0;
|
||||||
ff_flac_parse_block_header(buf, &metadata_last, NULL, &metadata_size);
|
ff_flac_parse_block_header(buf, &metadata_last, NULL, &metadata_size);
|
||||||
buf += 4;
|
buf += 4;
|
||||||
if (buf + metadata_size > buf_end) {
|
if (buf_end - buf < metadata_size) {
|
||||||
/* need more data in order to read the complete header */
|
/* need more data in order to read the complete header */
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue