avformat/iff: check for possible overflow in 2nd argument of av_new_packet
Signed-off-by: Paul B Mahol <onemda@gmail.com>
This commit is contained in:
parent
428424fe75
commit
aff3acc54c
@ -721,11 +721,15 @@ static int iff_read_packet(AVFormatContext *s,
|
||||
if (st->codec->codec_tag == ID_DSD || st->codec->codec_tag == ID_MAUD) {
|
||||
ret = av_get_packet(pb, pkt, FFMIN(iff->body_end - pos, 1024 * st->codec->block_align));
|
||||
} else {
|
||||
if (iff->body_size > INT_MAX)
|
||||
return AVERROR_INVALIDDATA;
|
||||
ret = av_get_packet(pb, pkt, iff->body_size);
|
||||
}
|
||||
} else if (st->codec->codec_type == AVMEDIA_TYPE_VIDEO) {
|
||||
uint8_t *buf;
|
||||
|
||||
if (iff->body_size > INT_MAX - 2)
|
||||
return AVERROR_INVALIDDATA;
|
||||
if (av_new_packet(pkt, iff->body_size + 2) < 0) {
|
||||
return AVERROR(ENOMEM);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user