From ab2940691ba76e1a9b0ce608db0dfc45021d741e Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Fri, 14 Oct 2011 18:27:59 -0700 Subject: [PATCH] avio: Check for invalid buffer length. --- libavformat/aviobuf.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c index b5e9d4c..8f3599a 100644 --- a/libavformat/aviobuf.c +++ b/libavformat/aviobuf.c @@ -769,13 +769,14 @@ int avio_get_str(AVIOContext *s, int maxlen, char *buf, int buflen) { int i; + if (buflen <= 0) + return AVERROR(EINVAL); // reserve 1 byte for terminating 0 buflen = FFMIN(buflen - 1, maxlen); for (i = 0; i < buflen; i++) if (!(buf[i] = avio_r8(s))) return i + 1; - if (buflen) - buf[i] = 0; + buf[i] = 0; for (; i < maxlen; i++) if (!avio_r8(s)) return i + 1; @@ -787,6 +788,8 @@ int avio_get_str(AVIOContext *s, int maxlen, char *buf, int buflen) {\ char* q = buf;\ int ret = 0;\ + if (buflen <= 0) \ + return AVERROR(EINVAL); \ while (ret + 1 < maxlen) {\ uint8_t tmp;\ uint32_t ch;\ -- 2.7.4