(parent: 1430ae4)
flacdec: fix buffer size checking in get_metadata_size()
author Justin Ruggles <justin.ruggles@gmail.com> Tue, 13 Sep 2011 19:13:44 +0000 (15:13 -0400)
committer Justin Ruggles <justin.ruggles@gmail.com> Mon, 26 Sep 2011 19:29:45 +0000 (15:29 -0400)
Adds an additional check before reading the next block header and avoids a
potential integer overflow when checking the metadata size against the
remaining buffer size.
libavcodec/flacdec.c
diff --git
a/libavcodec/flacdec.c
b/libavcodec/flacdec.c
index
f6d0abe
..
3eb117a
100644
(file)
--- a/
libavcodec/flacdec.c
+++ b/
libavcodec/flacdec.c
@@
-226,9
+226,11
@@
static int get_metadata_size(const uint8_t *buf, int buf_size)
buf += 4;
do {
+ if (buf_end - buf < 4)
+ return 0;
ff_flac_parse_block_header(buf, &metadata_last, NULL, &metadata_size);
buf += 4;
- if (buf
+ metadata_size > buf_end
) {
+ if (buf
_end - buf < metadata_size
) {
/* need more data in order to read the complete header */
return 0;
}
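Review bot: The new `if (buf_end - buf < 4) return 0;` at the top of the loop has no comment, while the later check carries "need more data in order to read the complete header"; add a short comment saying fewer than 4 bytes remain for the next block header, so it is clear both paths return 0 for the same incomplete-header reason. The rewritten comparison `buf_end - buf < metadata_size` avoids forming `buf + metadata_size`, but it only holds if metadata_size is never negative; its declaration is not in this hunk, so it is worth confirming that (or noting the value range that ff_flac_parse_block_header() can write) in the commit message.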