But ensure the value returned by evc_read_nal_unit_length() fits in an int.
Should prevent integer overflows later in the code.
Signed-off-by: James Almer <jamr...@gmail.com>
---
libavformat/evcdec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavformat/evcdec.c b/libavformat/evcdec.c
index 842258d229..ef743028ae 100644
--- a/libavformat/evcdec.c
+++ b/libavformat/evcdec.c
@@ -181,7 +181,7 @@ fail:
static int evc_read_packet(AVFormatContext *s, AVPacket *pkt)
{
int ret;
- int32_t nalu_size;
+ uint32_t nalu_size;
int au_end_found = 0;
EVCDemuxContext *const c = s->priv_data;
@@ -200,7 +200,7 @@ static int evc_read_packet(AVFormatContext *s, AVPacket
*pkt)
return ret;
nalu_size = read_nal_unit_length((const uint8_t *)&buf,
EVC_NALU_LENGTH_PREFIX_SIZE);
- if (nalu_size <= 0)
+ if (!nalu_size || nalu_size > INT_MAX)
return AVERROR_INVALIDDATA;
avio_seek(s->pb, -EVC_NALU_LENGTH_PREFIX_SIZE, SEEK_CUR);
--
2.41.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
