OSDN Git Service
(root)
/
coroid
/
ffmpeg_saccubus.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
8400607
)
Limit fsize before adding to pointer.
author
Reimar Döffinger
<Reimar.Doeffinger@gmx.de>
Sat, 30 Jul 2011 09:45:15 +0000
(11:45 +0200)
committer
Reimar Döffinger
<Reimar.Doeffinger@gmx.de>
Sun, 31 Jul 2011 17:40:08 +0000
(19:40 +0200)
This avoids a theoretically possible pointer arithmetic overflow
which would lead to a crash due to reading from NULL page.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
libavformat/aacdec.c
patch
|
blob
|
history
diff --git
a/libavformat/aacdec.c
b/libavformat/aacdec.c
index
ded11b6
..
c3a5029
100644
(file)
--- a/
libavformat/aacdec.c
+++ b/
libavformat/aacdec.c
@@
-47,6
+47,7
@@
static int adts_aac_probe(AVProbeData *p)
fsize = (AV_RB32(buf2 + 3) >> 13) & 0x1FFF;
if(fsize < 7)
break;
+ fsize = FFMIN(fsize, end - buf2);
buf2 += fsize;
}
max_frames = FFMAX(max_frames, frames);