rtp: Fix integer underflow that could allow remote code execution.
Fixes MSVR-11-0088 Credit: Jeong Wook Oh of Microsoft and Microsoft Vulnerability Research (MSVR) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
parent
3961695b7f
commit
ba9a7e0d71
@ -235,6 +235,8 @@ static int asfrtp_parse_packet(AVFormatContext *s, PayloadContext *asf,
|
|||||||
int prev_len = out_len;
|
int prev_len = out_len;
|
||||||
out_len += cur_len;
|
out_len += cur_len;
|
||||||
asf->buf = av_realloc(asf->buf, out_len);
|
asf->buf = av_realloc(asf->buf, out_len);
|
||||||
|
if(!asf->buf || FFMIN(cur_len, len - off)<0)
|
||||||
|
return -1;
|
||||||
memcpy(asf->buf + prev_len, buf + off,
|
memcpy(asf->buf + prev_len, buf + off,
|
||||||
FFMIN(cur_len, len - off));
|
FFMIN(cur_len, len - off));
|
||||||
avio_skip(pb, cur_len);
|
avio_skip(pb, cur_len);
|
||||||
|
Loading…
Reference in New Issue
Block a user