mxfdec: Fix Sign error in mxf_read_primer_pack()

Michael Niedermayer Tue, 29 Aug 2017 16:21:29 -0700

From: 孙浩(晓黑) <tony...@alibaba-inc.com>

Fixes: 20170829B.mxf


Co-Author: 张洪亮(望初)" <wangchu....@alibaba-inc.com>
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
 libavformat/mxfdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 6adb77d81f..91731a7533 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -500,7 +500,7 @@ static int mxf_read_primer_pack(void *arg, AVIOContext *pb, 
int tag, int size, U
         avpriv_request_sample(pb, "Primer pack item length %d", item_len);
         return AVERROR_PATCHWELCOME;
     }
-    if (item_num > 65536) {
+    if (item_num > 65536 || item_num < 0) {
         av_log(mxf->fc, AV_LOG_ERROR, "item_num %d is too large\n", item_num);
         return AVERROR_INVALIDDATA;
     }
-- 
2.14.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

[FFmpeg-devel] [PATCH 3/3] avformat/mxfdec: Fix Sign error in mxf_read_primer_pack()

Reply via email to