rtp: Fix integer underflow that could allow remote code execution.
Fixes MSVR-11-0088 Credit: Jeong Wook Oh of Microsoft and Microsoft Vulnerability Research (MSVR) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
parent
3961695b7f
commit
ba9a7e0d71
@ -235,6 +235,8 @@ static int asfrtp_parse_packet(AVFormatContext *s, PayloadContext *asf,
|
||||
int prev_len = out_len;
|
||||
out_len += cur_len;
|
||||
asf->buf = av_realloc(asf->buf, out_len);
|
||||
if(!asf->buf || FFMIN(cur_len, len - off)<0)
|
||||
return -1;
|
||||
memcpy(asf->buf + prev_len, buf + off,
|
||||
FFMIN(cur_len, len - off));
|
||||
avio_skip(pb, cur_len);
|
||||
|
Loading…
Reference in New Issue
Block a user