aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2011-09-07 14:12:42 +0200
committerMichael Niedermayer <michaelni@gmx.at>2011-09-07 14:59:39 +0200
commitba9a7e0d71bd34f8b89ae99322b62a310be163a6 (patch)
tree44c0ca04a03c9d75ec66b4628228598f95a989d0
parent3961695b7f8e08e0dcf358c2da858ee7ad2b62a2 (diff)
downloadffmpeg-ba9a7e0d71bd34f8b89ae99322b62a310be163a6.tar.gz
rtp: Fix integer underflow that could allow remote code execution.
Fixes MSVR-11-0088 Credit: Jeong Wook Oh of Microsoft and Microsoft Vulnerability Research (MSVR) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-rw-r--r--libavformat/rtpdec_asf.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/libavformat/rtpdec_asf.c b/libavformat/rtpdec_asf.c
index 4f776453d7..384aeb24f3 100644
--- a/libavformat/rtpdec_asf.c
+++ b/libavformat/rtpdec_asf.c
@@ -235,6 +235,8 @@ static int asfrtp_parse_packet(AVFormatContext *s, PayloadContext *asf,
int prev_len = out_len;
out_len += cur_len;
asf->buf = av_realloc(asf->buf, out_len);
+ if(!asf->buf || FFMIN(cur_len, len - off)<0)
+ return -1;
memcpy(asf->buf + prev_len, buf + off,
FFMIN(cur_len, len - off));
avio_skip(pb, cur_len);