idcin: check chunk_size value before using it

Fixes integer overflow. Fixes CID732223.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
This commit is contained in:
Paul B Mahol 2012-10-15 15:48:13 +00:00
parent 3f8148911c
commit 295218f531

View File

@ -256,6 +256,8 @@ static int idcin_read_packet(AVFormatContext *s,
chunk_size = avio_rl32(pb); chunk_size = avio_rl32(pb);
/* skip the number of decoded bytes (always equal to width * height) */ /* skip the number of decoded bytes (always equal to width * height) */
avio_skip(pb, 4); avio_skip(pb, 4);
if (chunk_size < 4)
return AVERROR_INVALIDDATA;
chunk_size -= 4; chunk_size -= 4;
ret= av_get_packet(pb, pkt, chunk_size); ret= av_get_packet(pb, pkt, chunk_size);
if (ret < 0) if (ret < 0)