mirror of https://git.ffmpeg.org/ffmpeg.git
idcin: check for integer overflow when calling av_get_packet()
chunk_size is unsigned 32-bit, but av_get_packet() takes a signed int as the packet size.
parent
7040e479a1
commit
33f58c3616
|
@ -278,6 +278,10 @@ static int idcin_read_packet(AVFormatContext *s,
|
|||
}
|
||||
|
||||
chunk_size = avio_rl32(pb);
|
||||
if (chunk_size < 4 || chunk_size > INT_MAX - 4) {
|
||||
av_log(s, AV_LOG_ERROR, "invalid chunk size: %u\n", chunk_size);
|
||||
return AVERROR_INVALIDDATA;
|
||||
}
|
||||
/* skip the number of decoded bytes (always equal to width * height) */
|
||||
avio_skip(pb, 4);
|
||||
chunk_size -= 4;
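Review bot: The new guard `if (chunk_size < 4 || chunk_size > INT_MAX - 4)` only keeps the value from turning negative when it is converted to int; it still accepts any size up to roughly 2 GiB read straight from the file. Whether av_get_packet() caps the read against the data actually remaining is not visible in this hunk, so it is worth confirming that a crafted chunk header cannot drive a very large allocation. The `- 4` margin is also unexplained, since after `chunk_size -= 4` the value is already at most INT_MAX - 8. A comment above the check would help, for example `/* chunk_size comes from the file and is unsigned; av_get_packet() takes an int, so reject values that would not fit */`. The body of idcin_read_packet starts and ends outside the hunk, so the later av_get_packet() call and its error handling could not be checked here.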
|
||||