From 40a7700b82aec0036622f8673ce64e070a520891 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 11 May 2015 15:30:32 +0200 Subject: [PATCH] avformat/flacenc: Check length in flac_write_block_comment() Signed-off-by: Michael Niedermayer --- libavformat/flacenc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavformat/flacenc.c b/libavformat/flacenc.c index 4255363f95..a45f83ec21 100644 --- a/libavformat/flacenc.c +++ b/libavformat/flacenc.c @@ -50,12 +50,14 @@ static int flac_write_block_comment(AVIOContext *pb, AVDictionary **m, int last_block, int bitexact) { const char *vendor = bitexact ? "ffmpeg" : LIBAVFORMAT_IDENT; - unsigned int len; + int64_t len; uint8_t *p, *p0; ff_metadata_conv(m, ff_vorbiscomment_metadata_conv, NULL); len = ff_vorbiscomment_length(*m, vendor); + if (len >= ((1<<24) - 4)) + return AVERROR(EINVAL); p0 = av_malloc(len+4); if (!p0) return AVERROR(ENOMEM);