Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8003816e1619e77d8de051883264aa090e0d78cc)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
... | ... |
@@ -2600,7 +2600,7 @@ static int mov_open_dref(AVIOContext **pb, const char *src, MOVDref *ref, |
2600 | 2600 |
/* try relative path, we do not try the absolute because it can leak information about our |
2601 | 2601 |
system to an attacker */ |
2602 | 2602 |
if (ref->nlvl_to > 0 && ref->nlvl_from > 0) { |
2603 |
- char filename[1024]; |
|
2603 |
+ char filename[1025]; |
|
2604 | 2604 |
const char *src_path; |
2605 | 2605 |
int i, l; |
2606 | 2606 |
|
... | ... |
@@ -2630,6 +2630,8 @@ static int mov_open_dref(AVIOContext **pb, const char *src, MOVDref *ref, |
2630 | 2630 |
|
2631 | 2631 |
av_strlcat(filename, ref->path + l + 1, sizeof(filename)); |
2632 | 2632 |
|
2633 |
+ if (strlen(filename) + 1 == sizeof(filename)) |
|
2634 |
+ return AVERROR(ENOENT); |
|
2633 | 2635 |
if (!avio_open2(pb, filename, AVIO_FLAG_READ, int_cb, NULL)) |
2634 | 2636 |
return 0; |
2635 | 2637 |
} |