diff options
author | Michael Niedermayer <michaelni@gmx.at> | 2014-09-20 19:42:00 +0400 |
---|---|---|
committer | Michael Niedermayer <michaelni@gmx.at> | 2014-09-20 19:42:05 +0400 |
commit | 6dd718e416c05ddc0cdc03f28769e303e2eaafb7 (patch) | |
tree | 2c2eae279a0a31cf4f39ee2e64ffd6a49a30675a | |
parent | 1aab0609968ea9dabf53a7ceab85b21954fe0cf1 (diff) | |
parent | d14696c99ccac12a052ce10e70859ffc0293ed6a (diff) |
Merge commit 'd14696c99ccac12a052ce10e70859ffc0293ed6a' into release/2.2
* commit 'd14696c99ccac12a052ce10e70859ffc0293ed6a':
apetag: Fix APE tag size check
Merged-by: Michael Niedermayer <michaelni@gmx.at>
-rw-r--r-- | libavformat/apetag.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/libavformat/apetag.c b/libavformat/apetag.c index 6e59bc7de1..94837f2a49 100644 --- a/libavformat/apetag.c +++ b/libavformat/apetag.c @@ -53,8 +53,10 @@ static int ape_tag_read_field(AVFormatContext *s) av_log(s, AV_LOG_WARNING, "Invalid APE tag key '%s'.\n", key); return -1; } - if (size >= UINT_MAX) - return -1; + if (size > INT32_MAX - FF_INPUT_BUFFER_PADDING_SIZE) { + av_log(s, AV_LOG_ERROR, "APE tag size too large.\n"); + return AVERROR_INVALIDDATA; + } if (flags & APE_TAG_FLAG_IS_BINARY) { uint8_t filename[1024]; enum AVCodecID id; |