From 8a7daa7180f674ee75893e3bdaf2711e34612469 Mon Sep 17 00:00:00 2001
From: hj kim <backto.kim@samsung.com>
Date: Tue, 2 Feb 2021 13:51:32 +0900
Subject: [PATCH] Check size_bmp more fully

patch from ffmpeg to fix CVE-2018-1999011

Change-Id: Ic1bf9125a7ac885db6ac618a5a19ba17e7b292ab
---
 libavformat/asfdec.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 mode change 100755 => 100644 libavformat/asfdec.c

diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c
old mode 100755
new mode 100644
index d508d79..449be24
--- a/libavformat/asfdec.c
+++ b/libavformat/asfdec.c
@@ -704,7 +704,8 @@ static int parse_video_info(AVIOContext *pb, AVStream *st)
     st->codecpar->codec_id  = ff_codec_get_id(ff_codec_bmp_tags, tag);
     size_bmp = FFMAX(size_asf, size_bmp);
 
-    if (size_bmp > BMP_HEADER_SIZE) {
+    if (size_bmp > BMP_HEADER_SIZE &&
+        size_bmp < INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE) {
         int ret;
         st->codecpar->extradata_size  = size_bmp - BMP_HEADER_SIZE;
         if (!(st->codecpar->extradata = av_malloc(st->codecpar->extradata_size +
-- 
2.7.4