mirror of https://git.ffmpeg.org/ffmpeg.git
Limit fsize before adding to pointer.
This avoids a theoretically possible pointer arithmetic overflow which would lead to a crash due to reading from NULL page. Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
parent
8400607267
commit
b39f872a41
|
@ -47,6 +47,7 @@ static int adts_aac_probe(AVProbeData *p)
|
||||||
fsize = (AV_RB32(buf2 + 3) >> 13) & 0x1FFF;
|
fsize = (AV_RB32(buf2 + 3) >> 13) & 0x1FFF;
|
||||||
if(fsize < 7)
|
if(fsize < 7)
|
||||||
break;
|
break;
|
||||||
|
fsize = FFMIN(fsize, end - buf2);
|
||||||
buf2 += fsize;
|
buf2 += fsize;
|
||||||
}
|
}
|
||||||
max_frames = FFMAX(max_frames, frames);
|
max_frames = FFMAX(max_frames, frames);
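Review bot: The added clamp `fsize = FFMIN(fsize, end - buf2);` is only safe while `end - buf2` is non-negative, and nothing in the hunk shows that; the declaration of `end`, the type of `fsize` and the loop condition all sit outside it, since adts_aac_probe starts and ends beyond these lines. Please confirm that the loop tests `buf2 < end` before reaching this line and that `fsize` is a signed type, because a negative difference compared against an unsigned `fsize` could select the wrong operand on some targets. The clamp also runs after the `fsize < 7` check, so a frame whose declared length exceeds the remaining probe data is stepped over like a complete one; if the loop counts one frame per iteration, such a truncated frame presumably still feeds `max_frames`. The line would benefit from a short comment, since `fsize` comes straight from the 13-bit length field of untrusted input: `/* fsize is taken from the stream; clamp so buf2 never advances past end */`.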
|
||||||
|
|