generic-library/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix remotely exploitable arbitrary code execution vulnerability.

Browse Source 
Found by Tobias Klein / tk // trapkit / de /
See: http://www.trapkit.de/advisories/TKADV2009-004.txt

Originally committed as revision 16846 to svn://svn.ffmpeg.org/ffmpeg/trunk
This commit is contained in:
Michael Niedermayer
2009-01-28 13:37:26 +00:00
parent 5a446bc88e
commit 0838cfdc8a
1 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
libavformat/4xm.c
View File

@@ -166,12 +166,13 @@ static int fourxm_read_header(AVFormatContext *s,
goto fail; goto fail;
} }
current_track = AV_RL32(&header[i + 8]); current_track = AV_RL32(&header[i + 8]);
if (current_track + 1 > fourxm->track_count) { if((unsigned)current_track >= UINT_MAX / sizeof(AudioTrack) - 1){
fourxm->track_count = current_track + 1; av_log(s, AV_LOG_ERROR, "current_track too large\n");
if((unsigned)fourxm->track_count >= UINT_MAX / sizeof(AudioTrack)){
ret= -1; ret= -1;
goto fail; goto fail;
} }
if (current_track + 1 > fourxm->track_count) {
fourxm->track_count = current_track + 1;
fourxm->tracks = av_realloc(fourxm->tracks, fourxm->tracks = av_realloc(fourxm->tracks,
fourxm->track_count * sizeof(AudioTrack)); fourxm->track_count * sizeof(AudioTrack));
if (!fourxm->tracks) { if (!fourxm->tracks) {