1. ffmpeg
  2. Commit 40a7700b82aec0036622f8673ce64e070a520891
Browse code

avformat/flacenc: Check length in flac_write_block_comment()

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Michael Niedermayer authored on 2015/05/11 22:30:32
Showing 1 changed files
libavformat/flacenc.c
History View file @ 40a7700
... ... 
@@ -50,12 +50,14 @@ static int flac_write_block_comment(AVIOContext *pb, AVDictionary **m,
50 50 
                                     int last_block, int bitexact)
51 51 
 {
52 52 
     const char *vendor = bitexact ? "ffmpeg" : LIBAVFORMAT_IDENT;
53 
-    unsigned int len;
53 
+    int64_t len;
54 54 
     uint8_t *p, *p0;
55 55
56 56 
     ff_metadata_conv(m, ff_vorbiscomment_metadata_conv, NULL);
57 57
58 58 
     len = ff_vorbiscomment_length(*m, vendor);
59 
+    if (len >= ((1<<24) - 4))
60 
+        return AVERROR(EINVAL);
59 61 
     p0 = av_malloc(len+4);
60 62 
     if (!p0)
61 63 
         return AVERROR(ENOMEM);