[FFmpeg-cvslog] avformat/mov: fix integer overflow in mov_read_udta_string()

Wed, 04 Feb 2015 08:18:29 -0800 

ffmpeg | branch: release/1.2 | Michael Niedermayer <michae...@gmx.at> | Tue Jan 
 6 04:29:10 2015 +0100| [b6351f9978a4188dfc5213a863b8c08308f6fec8] | committer: 
Michael Niedermayer

avformat/mov: fix integer overflow in mov_read_udta_string()

Found-by: Paul Mehta <p...@paulmehta.com>
Signed-off-by: Michael Niedermayer <michae...@gmx.at>
(cherry picked from commit 3859868c75313e318ebc5d0d33baada62d45dd75)

Signed-off-by: Michael Niedermayer <michae...@gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b6351f9978a4188dfc5213a863b8c08308f6fec8
---

 libavformat/mov.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 03a36a8..b6449f3 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -388,7 +388,7 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext 
*pb, MOVAtom atom)
 
     if (!key)
         return 0;
-    if (atom.size < 0)
+    if (atom.size < 0 || str_size >= INT_MAX/2)
         return AVERROR_INVALIDDATA;
 
     str_size = FFMIN3(sizeof(str)-1, str_size, atom.size);

_______________________________________________
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

Reply via email to