diff options
author | Martin Storsjö <martin@martin.st> | 2016-12-15 10:24:20 +0200 |
---|---|---|
committer | Martin Storsjö <martin@martin.st> | 2016-12-23 21:28:05 +0200 |
commit | 131644677970a3c4a0096270ea2a5b5d437c2e63 (patch) | |
tree | 8c92cbe843536284e2dc95ff7a4a0f46827d7a3e | |
parent | 0b77a5933635293508e7289e7cf191ed166cf070 (diff) | |
download | ffmpeg-131644677970a3c4a0096270ea2a5b5d437c2e63.tar.gz |
http: Check for negative chunk sizes
A negative chunk size is illegal and would end up used as
length for memcpy, where it would lead to memory accesses
out of bounds.
Found-by: Paul Cher <paulcher@icloud.com>
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
-rw-r--r-- | libavformat/http.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/libavformat/http.c b/libavformat/http.c index 8fe8d11e1e..00cf295001 100644 --- a/libavformat/http.c +++ b/libavformat/http.c @@ -784,8 +784,9 @@ static int http_read_stream(URLContext *h, uint8_t *buf, int size) av_log(NULL, AV_LOG_TRACE, "Chunked encoding data size: %"PRId64"'\n", s->chunksize); - - if (!s->chunksize) + if (s->chunksize < 0) + return AVERROR_INVALIDDATA; + else if (!s->chunksize) return 0; break; } |