On Mon, Aug 13, 2018 at 3:31 PM Carl Eugen Hoyos <ceffm...@gmail.com> wrote: > > 2018-08-14 0:22 GMT+02:00, Jacob Trimble <modmaker-at-google....@ffmpeg.org>: > > Fixes: 873693 > > This does not look helpful.
Changed. > > Carl Eugen > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
From a822b6a1f0bba9f36314d9c8af1b9eca7c0bc406 Mon Sep 17 00:00:00 2001 From: Jacob Trimble <modma...@google.com> Date: Mon, 13 Aug 2018 15:17:11 -0700 Subject: [PATCH] avutil/encryption_info: Fix size calculation. Found by Chrome's ClusterFuzz: https://crbug.com/873693 Signed-off-by: Jacob Trimble <modma...@google.com> --- libavutil/encryption_info.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavutil/encryption_info.c b/libavutil/encryption_info.c index 3b7e16cd0c..812c704776 100644 --- a/libavutil/encryption_info.c +++ b/libavutil/encryption_info.c @@ -297,14 +297,14 @@ uint8_t *av_encryption_init_info_add_side_data(const AVEncryptionInitInfo *info, temp_side_data_size = 4; init_info_count = 0; for (cur_info = info; cur_info; cur_info = cur_info->next) { - temp_side_data_size += (uint64_t)FF_ENCRYPTION_INIT_INFO_EXTRA + info->system_id_size + info->data_size; + temp_side_data_size += (uint64_t)FF_ENCRYPTION_INIT_INFO_EXTRA + cur_info->system_id_size + cur_info->data_size; if (init_info_count == UINT32_MAX || temp_side_data_size > UINT32_MAX) { return NULL; } init_info_count++; - if (info->num_key_ids) { - temp_side_data_size += (uint64_t)info->num_key_ids * info->key_id_size; + if (cur_info->num_key_ids) { + temp_side_data_size += (uint64_t)cur_info->num_key_ids * cur_info->key_id_size; if (temp_side_data_size > UINT32_MAX) { return NULL; } -- 2.18.0.597.ga71716f1ad-goog
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
