avformat/oggenc: Check ff_vorbiscomment_length in ogg_write_vorbiscomment()
authorMichael Niedermayer <michaelni@gmx.at>
Mon, 11 May 2015 13:34:28 +0000 (15:34 +0200)
committerMichael Niedermayer <michaelni@gmx.at>
Mon, 11 May 2015 13:56:16 +0000 (15:56 +0200)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavformat/oggenc.c

index ca40063..873dfac 100644 (file)
@@ -282,16 +282,18 @@ static int ogg_buffer_data(AVFormatContext *s, AVStream *st,
     return 0;
 }
 
-static uint8_t *ogg_write_vorbiscomment(int offset, int bitexact,
+static uint8_t *ogg_write_vorbiscomment(int64_t offset, int bitexact,
                                         int *header_len, AVDictionary **m, int framing_bit)
 {
     const char *vendor = bitexact ? "ffmpeg" : LIBAVFORMAT_IDENT;
-    int size;
+    int64_t size;
     uint8_t *p, *p0;
 
     ff_metadata_conv(m, ff_vorbiscomment_metadata_conv, NULL);
 
     size = offset + ff_vorbiscomment_length(*m, vendor) + framing_bit;
+    if (size > INT_MAX)
+        return NULL;
     p = av_mallocz(size);
     if (!p)
         return NULL;