Fixes: case1_call_stack_overflow.mp4
Found-by: Michal Zalewski <lcamtuf@coredump.cx>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
... | ... |
@@ -1480,7 +1480,7 @@ static void mov_parse_stsd_audio(MOVContext *c, AVIOContext *pb, |
1480 | 1480 |
|
1481 | 1481 |
static void mov_parse_stsd_subtitle(MOVContext *c, AVIOContext *pb, |
1482 | 1482 |
AVStream *st, MOVStreamContext *sc, |
1483 |
- int size) |
|
1483 |
+ int64_t size) |
|
1484 | 1484 |
{ |
1485 | 1485 |
// ttxt stsd contains display flags, justification, background |
1486 | 1486 |
// color, fonts, and default styles, so fake an atom to read it |
... | ... |
@@ -1494,10 +1494,10 @@ static void mov_parse_stsd_subtitle(MOVContext *c, AVIOContext *pb, |
1494 | 1494 |
|
1495 | 1495 |
static int mov_parse_stsd_data(MOVContext *c, AVIOContext *pb, |
1496 | 1496 |
AVStream *st, MOVStreamContext *sc, |
1497 |
- int size) |
|
1497 |
+ int64_t size) |
|
1498 | 1498 |
{ |
1499 | 1499 |
if (st->codec->codec_tag == MKTAG('t','m','c','d')) { |
1500 |
- if (ff_get_extradata(st->codec, pb, size) < 0) |
|
1500 |
+ if ((int)size != size || ff_get_extradata(st->codec, pb, size) < 0) |
|
1501 | 1501 |
return AVERROR(ENOMEM); |
1502 | 1502 |
if (size > 16) { |
1503 | 1503 |
MOVStreamContext *tmcd_ctx = st->priv_data; |