generic-library/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

flacdec: fix buffer size checking in get_metadata_size()

Browse Source 
Adds an additional check before reading the next block header and avoids a
potential integer overflow when checking the metadata size against the
remaining buffer size.
(cherry picked from commit 4c5e7b27d5)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
This commit is contained in:
Justin Ruggles
2011-09-13 15:13:44 -04:00
committed by Reinhard Tartler
parent ce80957cf1
commit 7fc9aa6d35
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/flacdec.c
View File

@@ -228,9 +228,11 @@ static int get_metadata_size(const uint8_t *buf, int buf_size)
buf += 4; buf += 4;
do { do {
if (buf_end - buf < 4)
return 0;
ff_flac_parse_block_header(buf, &metadata_last, NULL, &metadata_size); ff_flac_parse_block_header(buf, &metadata_last, NULL, &metadata_size);
buf += 4; buf += 4;
if (buf + metadata_size > buf_end) { if (buf_end - buf < metadata_size) {
/* need more data in order to read the complete header */ /* need more data in order to read the complete header */
return 0; return 0;
} }