diff options
| author | Michael Niedermayer <michael@niedermayer.cc> | 2016-10-21 19:45:21 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2016-10-21 20:06:29 +0200 |
| commit | fecb3e82a4ba09dc11a51ad0961ab491881a53a1 (patch) | |
| tree | c74750c21a27926b4feb5577cc97b205856da1a9 | |
| parent | c495f4ffde1eb452448dbe5818b33a2989c47bae (diff) | |
| download | ffmpeg-fecb3e82a4ba09dc11a51ad0961ab491881a53a1.tar.gz | |
avformat/mxfdec: Check size to avoid integer overflow in mxf_read_utf16_string()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| -rw-r--r-- | libavformat/mxfdec.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index cdb5c4ed11..d2166ee5a1 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -717,7 +717,7 @@ static inline int mxf_read_utf16_string(AVIOContext *pb, int size, char** str, i int ret; size_t buf_size; - if (size < 0) + if (size < 0 || size > INT_MAX/2) return AVERROR(EINVAL); buf_size = size + size / 2 + 1; |