Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/FFmpeg/FFmpeg.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2014-09-20 19:42:00 +0400
committerMichael Niedermayer <michaelni@gmx.at>2014-09-20 19:42:05 +0400
commit6dd718e416c05ddc0cdc03f28769e303e2eaafb7 (patch)
tree2c2eae279a0a31cf4f39ee2e64ffd6a49a30675a
parent1aab0609968ea9dabf53a7ceab85b21954fe0cf1 (diff)
parentd14696c99ccac12a052ce10e70859ffc0293ed6a (diff)
Merge commit 'd14696c99ccac12a052ce10e70859ffc0293ed6a' into release/2.2
* commit 'd14696c99ccac12a052ce10e70859ffc0293ed6a': apetag: Fix APE tag size check Merged-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat
-rw-r--r--libavformat/apetag.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/libavformat/apetag.c b/libavformat/apetag.c
index 6e59bc7de1..94837f2a49 100644
--- a/libavformat/apetag.c
+++ b/libavformat/apetag.c
@@ -53,8 +53,10 @@ static int ape_tag_read_field(AVFormatContext *s)
av_log(s, AV_LOG_WARNING, "Invalid APE tag key '%s'.\n", key);
return -1;
}
- if (size >= UINT_MAX)
- return -1;
+ if (size > INT32_MAX - FF_INPUT_BUFFER_PADDING_SIZE) {
+ av_log(s, AV_LOG_ERROR, "APE tag size too large.\n");
+ return AVERROR_INVALIDDATA;
+ }
if (flags & APE_TAG_FLAG_IS_BINARY) {
uint8_t filename[1024];
enum AVCodecID id;
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-25 20:32:56 +0300