ffmpeg | branch: master | Andreas Cadhalpun <andreas.cadhal...@googlemail.com> | Tue Jan 5 13:05:50 2016 +0100| [fa463aa83a4920b0eed47ad1f79775dfc53d21ec] | committer: Anton Khirnov
avpacket: fix size check in packet_alloc The previous check only caught sizes from -AV_INPUT_BUFFER_PADDING_SIZE to -1. This fixes ubsan runtime error: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int' Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> Signed-off-by: Anton Khirnov <an...@khirnov.net> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fa463aa83a4920b0eed47ad1f79775dfc53d21ec --- libavcodec/avpacket.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/avpacket.c b/libavcodec/avpacket.c index 87454d5..3f8e163 100644 --- a/libavcodec/avpacket.c +++ b/libavcodec/avpacket.c @@ -69,7 +69,7 @@ void av_packet_free(AVPacket **pkt) static int packet_alloc(AVBufferRef **buf, int size) { int ret; - if ((unsigned)size >= (unsigned)size + AV_INPUT_BUFFER_PADDING_SIZE) + if (size < 0 || size >= INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE) return AVERROR(EINVAL); ret = av_buffer_realloc(buf, size + AV_INPUT_BUFFER_PADDING_SIZE); _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
