avformat/utils: Fix potential integer overflow in extract_extradata()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-01-09 08:39:41 +00:00 · 2018-09-27 00:00:26 +02:00 · 2018-09-27 00:00:26 +02:00 · 0a41a8bf29
commit 0a41a8bf29
parent b4a1ccfc41
1 changed files with 3 additions and 1 deletions
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@ -3544,7 +3544,9 @@ static int extract_extradata(AVStream *st, AVPacket *pkt)
                                            &extradata_size);

        if (extradata) {
-            sti->avctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
+            av_assert0(!sti->avctx->extradata);
+            if ((unsigned)extradata_size < FF_MAX_EXTRADATA_SIZE)
+                sti->avctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
            if (!sti->avctx->extradata) {
                av_packet_unref(pkt_ref);
                return AVERROR(ENOMEM);