author | Justin Ruggles <[email protected]> | 2011-09-13 15:13:44 -0400 |
---|---|---|
committer | Reinhard Tartler <[email protected]> | 2012-03-18 17:50:17 +0100 |
commit | 7fc9aa6d359e6c594a367e4db6366bc661581f56 (patch) | |
tree | e9ddc5446cae3ceb9099297bffb2558e66d2a307 | |
parent | ce80957cf10e2ddbdbe6f74912c69228a8efaf35 (diff) |
flacdec: fix buffer size checking in get_metadata_size()
Adds an additional check before reading the next block header and avoids a
potential integer overflow when checking the metadata size against the
remaining buffer size.
(cherry picked from commit 4c5e7b27d57dd2be777780e840eef9be63242158)
Signed-off-by: Anton Khirnov <[email protected]>
-rw-r--r-- | libavcodec/flacdec.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/libavcodec/flacdec.c b/libavcodec/flacdec.c
index 1ce8559de6..7331c5cdd1 100644
--- a/libavcodec/flacdec.c
+++ b/libavcodec/flacdec.c
@@ -228,9 +228,11 @@ static int get_metadata_size(const uint8_t *buf, int buf_size)
 buf += 4;
 do {
+ if (buf_end - buf < 4)
+ return 0;
 ff_flac_parse_block_header(buf, &metadata_last, NULL, &metadata_size);
 buf += 4;
- if (buf + metadata_size > buf_end) {
+ if (buf_end - buf < metadata_size) {
 /* need more data in order to read the complete header */
 return 0;
 }
 |
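Review bot: The new 4-byte guard at the top of the loop is the first bounds check in the function, but the context line `buf += 4;` ahead of `do {` has already advanced the pointer by then. For a `buf_size` below 4 the guard still returns 0, though only because `buf_end - buf` has gone negative, and the pointer has by then been moved beyond `buf_end`; whether callers guarantee a minimum size is not visible in this hunk. An explicit `if (buf_size < 4) return 0;` before the first advance would make the precondition plain and keep all pointer arithmetic inside the buffer. The added `return 0;` would also benefit from the same kind of comment the second check carries, e.g. `/* need more data to read the next block header */`. The function begins and ends outside the hunk.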