diff options
author | Xi Wang <xi.wang@gmail.com> | 2013-01-22 21:40:05 -0500 |
---|---|---|
committer | Michael Niedermayer <michaelni@gmx.at> | 2013-01-23 05:29:59 +0100 |
commit | 4e692374f7962ea358c329de38c380103f8991b6 (patch) | |
tree | af414e7a6330378374eb0036c777998924c19eb6 /libavcodec/adxdec.c | |
parent | 902cfe2f74d777a7dc20ac68f2393b9f84b790c1 (diff) | |
download | ffmpeg-4e692374f7962ea358c329de38c380103f8991b6.tar.gz |
rtmp: fix buffer overflows in ff_amf_tag_contents()
A negative `size' will bypass FFMIN(). In the subsequent memcpy() call,
`size' will be considered as a large positive value, leading to a buffer
overflow.
Change the type of `size' to unsigned int to avoid buffer overflow, and
simplify overflow checks accordingly.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec/adxdec.c')
0 files changed, 0 insertions, 0 deletions