avcodec/mpegvideo_enc: Check for integer overflow in ff_mpv_reallocate_putbitbuffer()

Fixes assertion failure Fixes: 6568d187979ce17878b6fe5fbbb89142/signal_sigabrt_7ffff6ae7cb7_7176_564bbc6741bdcf907f5c4e685c9a77a2.mpg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b65efbc0f4195421c15d2a6c228d331eec5b31c3) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2016-01-21 15:39:43 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2016-01-31 00:24:51 +0100
commit: 0ec1ffcb4db43d0a635e3bfcdc648c1a372fdb0b (patch)
tree: a801e632f3bd106a7319660c4b87c56ca8f66d05
parent: 2df2c0aab0cacf89d1e8f6f8ec6baafe70e7df02 (diff)
download: ffmpeg-0ec1ffcb4db43d0a635e3bfcdc648c1a372fdb0b.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c
index 2bc7709970..2084a3ac75 100644
--- a/libavcodec/mpegvideo_enc.c
+++ b/libavcodec/mpegvideo_enc.c
@@ -2730,6 +2730,11 @@ int ff_mpv_reallocate_putbitbuffer(MpegEncContext *s, size_t threshold, size_t s
         uint8_t *new_buffer = NULL;
         int new_buffer_size = 0;
 
+        if ((s->avctx->internal->byte_buffer_size + size_increase) >= INT_MAX/8) {
+            av_log(s->avctx, AV_LOG_ERROR, "Cannot reallocate putbit buffer\n");
+            return AVERROR(ENOMEM);
+        }
+
         av_fast_padded_malloc(&new_buffer, &new_buffer_size,
                               s->avctx->internal->byte_buffer_size + size_increase);
         if (!new_buffer)
author	Michael Niedermayer <michael@niedermayer.cc>	2016-01-21 15:39:43 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2016-01-31 00:24:51 +0100
commit	0ec1ffcb4db43d0a635e3bfcdc648c1a372fdb0b (patch)
tree	a801e632f3bd106a7319660c4b87c56ca8f66d05
parent	2df2c0aab0cacf89d1e8f6f8ec6baafe70e7df02 (diff)
download	ffmpeg-0ec1ffcb4db43d0a635e3bfcdc648c1a372fdb0b.tar.gz