aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
author李赞 <lizan@ruc.edu.cn>2017-05-10 14:55:34 +0200
committerMichael Niedermayer <michael@niedermayer.cc>2017-05-17 20:35:20 +0200
commit00e8a7adf4afb350c1b4556d7d2b66412713c463 (patch)
tree2c3e164ca7a3e238ba1a42b4b12a454fdf00aebd
parent742ccace7c3516d2fc23618136e14390a3557af1 (diff)
downloadffmpeg-00e8a7adf4afb350c1b4556d7d2b66412713c463.tar.gz
avformat/wavdec: Check chunk_size
Fixes integer overflow and out of array access Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3d232196372f309a75ed074c4cef30578eec1782) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r--libavformat/wavdec.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/libavformat/wavdec.c b/libavformat/wavdec.c
index d95596f6ed..a9ba03f557 100644
--- a/libavformat/wavdec.c
+++ b/libavformat/wavdec.c
@@ -804,6 +804,8 @@ static int w64_read_header(AVFormatContext *s)
chunk_key[4] = 0;
avio_read(pb, chunk_key, 4);
chunk_size = avio_rl32(pb);
+ if (chunk_size == UINT32_MAX)
+ return AVERROR_INVALIDDATA;
value = av_mallocz(chunk_size + 1);
if (!value)