falkTX
/
FFmpeg
mirror of https://github.com/falkTX/FFmpeg.git
1
0
Fork 0
Code Issues 0 Releases 338 Wiki Activity
Browse Source

avpacket: fix size check in packet_alloc 

The previous check only caught sizes from -AV_INPUT_BUFFER_PADDING_SIZE
to -1.

This fixes ubsan runtime error: signed integer overflow: 2147483647 + 32
cannot be represented in type 'int'

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
tags/n3.0
Andreas Cadhalpun Anton Khirnov 9 years ago
parent
066281372d
commit
fa463aa83a
1 changed files with 1 additions and 1 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -1
      libavcodec/avpacket.c

+ 1
- 1
libavcodec/avpacket.c View File

@@ -69,7 +69,7 @@ void av_packet_free(AVPacket **pkt)
static int packet_alloc(AVBufferRef **buf, int size) static int packet_alloc(AVBufferRef **buf, int size)
{ {
int ret; int ret;
if ((unsigned)size >= (unsigned)size + AV_INPUT_BUFFER_PADDING_SIZE)
if (size < 0 || size >= INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE)
return AVERROR(EINVAL); return AVERROR(EINVAL);


ret = av_buffer_realloc(buf, size + AV_INPUT_BUFFER_PADDING_SIZE); ret = av_buffer_realloc(buf, size + AV_INPUT_BUFFER_PADDING_SIZE);


Write Preview
Loading…
Cancel
Save