On Wed, Sep 11, 2013 at 11:47:58PM +0300, Martin Storsjö wrote:
> --- a/libavformat/sierravmd.c
> +++ b/libavformat/sierravmd.c
> @@ -199,6 +199,10 @@ static int vmd_read_header(AVFormatContext *s)
>              type = chunk[0];
>              size = AV_RL32(&chunk[2]);
> +            if (size > INT_MAX/2) {
> +                av_log(s, AV_LOG_ERROR, "Invalid frame size\n");
> +                goto error;
> +            }
>              if(!size && type != 1)
>                  continue;
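
Review bot: The new `size > INT_MAX/2` test only rejects large positive values, and the declaration of `size` is not in this hunk. If `size` is a signed int, a 32-bit value from `AV_RL32(&chunk[2])` above INT_MAX is stored as a negative number and passes the check. Either confirm `size` is unsigned or reject negative values here as well. A short comment on why the limit is INT_MAX/2 rather than INT_MAX would also help, since the arithmetic it protects is not visible at this point.
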
> @@ -235,6 +239,11 @@ static int vmd_read_header(AVFormatContext *s)
>  
>      return 0;
> +
> +error:
> +    av_free(raw_frame_table);
> +    av_free(vmd->frame_table);
> +    return AVERROR_INVALIDDATA;
>  }
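
Review bot: At the `error:` label, `av_free(vmd->frame_table)` leaves a stale pointer in the demuxer context. If anything frees `vmd->frame_table` again after a failed header read, that is a double free. Use `av_freep(&vmd->frame_table)` so the field is set to NULL. The local `raw_frame_table` is fine with `av_free` since it goes out of scope on return.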

It feels silly to have the goto for just this one case instead of just
returning directly.

Diego
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel