aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2016-10-21 19:45:21 +0200
committerMichael Niedermayer <michael@niedermayer.cc>2016-10-21 20:26:00 +0200
commit9e6586ceb2f2891730557c7ec8bf5388cc7b0d94 (patch)
tree341cf0b282971b1ec0b91a9cb27dc24fad55ce15
parent6456a7416e8f04f75752ce6174372e2fc6271a80 (diff)
downloadffmpeg-9e6586ceb2f2891730557c7ec8bf5388cc7b0d94.tar.gz
avformat/mxfdec: Check size to avoid integer overflow in mxf_read_utf16_string()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit fecb3e82a4ba09dc11a51ad0961ab491881a53a1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r--libavformat/mxfdec.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 0affca97a2..17ffdf5239 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -827,7 +827,7 @@ static inline int mxf_read_utf16_string(AVIOContext *pb, int size, char** str, i
int ret;
size_t buf_size;
- if (size < 0)
+ if (size < 0 || size > INT_MAX/2)
return AVERROR(EINVAL);
buf_size = size + size / 2 + 1;