avformat/utils: Fix potential integer overflow in extract_extradata()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2018-09-27 00:00:26 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2018-10-07 03:03:09 +0200
commit: 0a41a8bf2945e59db7a0773ebce11a26b95d45b6 (patch)
tree: e4bb8aeced058b526b2326a97e0f802acb86fe2a
parent: b4a1ccfc41613ae476791e539c176ac98be03a05 (diff)
download: ffmpeg-0a41a8bf2945e59db7a0773ebce11a26b95d45b6.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/libavformat/utils.c b/libavformat/utils.c
index dcc0de9255..a8ac90213e 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -3544,7 +3544,9 @@ static int extract_extradata(AVStream *st, AVPacket *pkt)
                                             &extradata_size);
 
         if (extradata) {
-            sti->avctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
+            av_assert0(!sti->avctx->extradata);
+            if ((unsigned)extradata_size < FF_MAX_EXTRADATA_SIZE)
+                sti->avctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
             if (!sti->avctx->extradata) {
                 av_packet_unref(pkt_ref);
                 return AVERROR(ENOMEM);
author	Michael Niedermayer <michael@niedermayer.cc>	2018-09-27 00:00:26 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2018-10-07 03:03:09 +0200
commit	0a41a8bf2945e59db7a0773ebce11a26b95d45b6 (patch)
tree	e4bb8aeced058b526b2326a97e0f802acb86fe2a
parent	b4a1ccfc41613ae476791e539c176ac98be03a05 (diff)
download	ffmpeg-0a41a8bf2945e59db7a0773ebce11a26b95d45b6.tar.gz