aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorReimar Döffinger <Reimar.Doeffinger@gmx.de>2011-07-30 11:45:15 +0200
committerReimar Döffinger <Reimar.Doeffinger@gmx.de>2011-07-31 19:40:08 +0200
commitb39f872a41b92a31589052c8f914c5b52f206fd0 (patch)
treea8d4ccbeba53a78f6a6a49dd7355e71e9e359e38
parent8400607267458371398b0d3f170b6c0d9c688453 (diff)
downloadffmpeg-b39f872a41b92a31589052c8f914c5b52f206fd0.tar.gz
Limit fsize before adding to pointer.
This avoids a theoretically possible pointer arithmetic overflow which would lead to a crash due to reading from NULL page. Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
-rw-r--r--libavformat/aacdec.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/libavformat/aacdec.c b/libavformat/aacdec.c
index ded11b6854..c3a5029260 100644
--- a/libavformat/aacdec.c
+++ b/libavformat/aacdec.c
@@ -47,6 +47,7 @@ static int adts_aac_probe(AVProbeData *p)
fsize = (AV_RB32(buf2 + 3) >> 13) & 0x1FFF;
if(fsize < 7)
break;
+ fsize = FFMIN(fsize, end - buf2);
buf2 += fsize;
}
max_frames = FFMAX(max_frames, frames);