mirror of
https://git.ffmpeg.org/ffmpeg.git
synced 2024-12-11 09:35:22 +00:00
idcin: check chunk_size value before using it
Fixes integer overflow. Fixes CID732223. Signed-off-by: Paul B Mahol <onemda@gmail.com>
This commit is contained in:
parent
3f8148911c
commit
295218f531
@ -256,6 +256,8 @@ static int idcin_read_packet(AVFormatContext *s,
|
|||||||
chunk_size = avio_rl32(pb);
|
chunk_size = avio_rl32(pb);
|
||||||
/* skip the number of decoded bytes (always equal to width * height) */
|
/* skip the number of decoded bytes (always equal to width * height) */
|
||||||
avio_skip(pb, 4);
|
avio_skip(pb, 4);
|
||||||
|
if (chunk_size < 4)
|
||||||
|
return AVERROR_INVALIDDATA;
|
||||||
chunk_size -= 4;
|
chunk_size -= 4;
|
||||||
ret= av_get_packet(pb, pkt, chunk_size);
|
ret= av_get_packet(pb, pkt, chunk_size);
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
|
Loading…
Reference in New Issue
Block a user