Browse code
lavc/alac: Avoid allocating huge memory blocks for malicious alac input.
Carl Eugen Hoyos authored on 2017/11/01 23:14:22Showing 1 changed files
| ... | ... |
@@ -524,7 +524,7 @@ static int alac_set_info(ALACContext *alac) |
| 524 | 524 |
|
| 525 | 525 |
alac->max_samples_per_frame = bytestream2_get_be32u(&gb); |
| 526 | 526 |
if (!alac->max_samples_per_frame || |
| 527 |
- alac->max_samples_per_frame > INT_MAX / sizeof(int32_t)) {
|
|
| 527 |
+ alac->max_samples_per_frame > 4096 * 4096) {
|
|
| 528 | 528 |
av_log(alac->avctx, AV_LOG_ERROR, |
| 529 | 529 |
"max samples per frame invalid: %"PRIu32"\n", |
| 530 | 530 |
alac->max_samples_per_frame); |