Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8003816e1619e77d8de051883264aa090e0d78cc)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
... | ... |
@@ -2366,7 +2366,7 @@ static int mov_open_dref(AVIOContext **pb, const char *src, MOVDref *ref, |
2366 | 2366 |
/* try relative path, we do not try the absolute because it can leak information about our |
2367 | 2367 |
system to an attacker */ |
2368 | 2368 |
if (ref->nlvl_to > 0 && ref->nlvl_from > 0) { |
2369 |
- char filename[1024]; |
|
2369 |
+ char filename[1025]; |
|
2370 | 2370 |
const char *src_path; |
2371 | 2371 |
int i, l; |
2372 | 2372 |
|
... | ... |
@@ -2396,6 +2396,8 @@ static int mov_open_dref(AVIOContext **pb, const char *src, MOVDref *ref, |
2396 | 2396 |
|
2397 | 2397 |
av_strlcat(filename, ref->path + l + 1, sizeof(filename)); |
2398 | 2398 |
|
2399 |
+ if (strlen(filename) + 1 == sizeof(filename)) |
|
2400 |
+ return AVERROR(ENOENT); |
|
2399 | 2401 |
if (!avio_open2(pb, filename, AVIO_FLAG_READ, int_cb, NULL)) |
2400 | 2402 |
return 0; |
2401 | 2403 |
} |