On 11/09/13 23:13, Martin Storsjö wrote: > On Wed, 11 Sep 2013, Luca Barbato wrote: > >> On 11/09/13 22:47, Martin Storsjö wrote: >>> Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind >>> CC: [email protected] >>> --- >>> libavformat/mpc8.c | 4 ++++ >>> 1 file changed, 4 insertions(+) >>> >>> diff --git a/libavformat/mpc8.c b/libavformat/mpc8.c >>> index c3c70e0..21b8403 100644 >>> --- a/libavformat/mpc8.c >>> +++ b/libavformat/mpc8.c >>> @@ -145,6 +145,10 @@ static void mpc8_parse_seektable(AVFormatContext >>> *s, int64_t off) >>> av_log(s, AV_LOG_ERROR, "No seek table at given position\n"); >>> return; >>> } >>> + if (size < 0 || size >= INT_MAX/2) { >> ^^^ spaces >>> + av_log(s, AV_LOG_ERROR, "Bad seek table size\n"); >>> + return; >>> + } >>> if(!(buf = av_malloc(size + FF_INPUT_BUFFER_PADDING_SIZE))) >>> return; >>> avio_read(s->pb, buf, size); >>> > > Amended locally - ok with that change? >
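Review bot: the upper bound size >= INT_MAX/2 in the added check in mpc8_parse_seektable() has no rationale stated in the code or in the visible part of the commit message. The only arithmetic on size shown in this hunk is size + FF_INPUT_BUFFER_PADDING_SIZE in the av_malloc() call; if the aim is to keep that sum from overflowing an int, a bound of INT_MAX - FF_INPUT_BUFFER_PADDING_SIZE would express it directly. If the halved limit is there to protect a later computation outside this hunk, a one-line comment above the check naming that computation would answer the question for future readers.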
Looks fine even if I'd like to know why the INT_MAX / 2 limit.

lu
