diff options
| author | Vitaly Buka <[email protected]> | 2017-08-20 11:56:47 -0700 |
|---|---|---|
| committer | Michael Niedermayer <[email protected]> | 2017-08-24 12:03:51 +0200 |
| commit | 64af458bb86288edd640795d346cee6a7327f799 (patch) | |
| tree | 984c6ead52abe66cf392d8dac3d9ade83807fdbb | |
| parent | 616154a6a5352cbf3685f3bb494df8b5f4a8ebc0 (diff) | |
avformat/mov: Fix signed integer overflows with total_size
Signed integer overflow is undefined behavior.
Detected with clang and -fsanitize=signed-integer-overflow
Signed-off-by: Vitaly Buka <[email protected]>
Signed-off-by: Michael Niedermayer <[email protected]>
(cherry picked from commit 4a404cb5b90b878cbe1bb528fac65cf508668cc5)
Signed-off-by: Michael Niedermayer <[email protected]>
| -rw-r--r-- | libavformat/mov.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/mov.c b/libavformat/mov.c index b06e9c84ae..cff3c7017f 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -4255,7 +4255,7 @@ static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom) if (atom.size < 0) atom.size = INT64_MAX; - while (total_size + 8 <= atom.size && !avio_feof(pb)) { + while (total_size <= atom.size - 8 && !avio_feof(pb)) { int (*parse)(MOVContext*, AVIOContext*, MOVAtom) = NULL; a.size = atom.size; a.type=0; |