mirror of
https://git.ffmpeg.org/ffmpeg.git
synced 2024-12-24 08:12:44 +00:00
avformat/vividas: check if value from ffio_read_varlen() is too big
This commit is contained in:
parent
53d3a1c514
commit
297e65c676
@ -618,9 +618,11 @@ static int viv_read_packet(AVFormatContext *s,
|
||||
off += viv->sb_entries[viv->current_sb_entry].size;
|
||||
|
||||
if (viv->sb_entries[viv->current_sb_entry].flag == 0) {
|
||||
int v_size = ffio_read_varlen(pb);
|
||||
uint64_t v_size = ffio_read_varlen(pb);
|
||||
|
||||
ffio_read_varlen(pb);
|
||||
if (v_size > INT_MAX)
|
||||
return AVERROR_INVALIDDATA;
|
||||
ret = av_get_packet(pb, pkt, v_size);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
@ -646,8 +648,10 @@ static int viv_read_packet(AVFormatContext *s,
|
||||
viv->current_audio_subpacket = 0;
|
||||
|
||||
} else {
|
||||
int v_size = ffio_read_varlen(pb);
|
||||
uint64_t v_size = ffio_read_varlen(pb);
|
||||
|
||||
if (v_size > INT_MAX)
|
||||
return AVERROR_INVALIDDATA;
|
||||
ret = av_get_packet(pb, pkt, v_size);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
|
Loading…
Reference in New Issue
Block a user