Merge commit '24130234cd9dd733116d17b724ea4c8e12ce097a'
[ffmpeg.git] / libavformat / rtpdec_mpeg4.c
index 068d378..994ab49 100644 (file)
@@ -289,11 +289,22 @@ static int parse_fmtp(AVFormatContext *s,
         for (i = 0; attr_names[i].str; ++i) {
             if (!av_strcasecmp(attr, attr_names[i].str)) {
                 if (attr_names[i].type == ATTR_NAME_TYPE_INT) {
+                    int val = atoi(value);
+                    if (val > 32) {
+                        av_log(s, AV_LOG_ERROR,
+                               "The %s field size is invalid (%d)\n",
+                               attr, val);
+                        return AVERROR_INVALIDDATA;
+                    }
                     *(int *)((char *)data+
-                        attr_names[i].offset) = atoi(value);
-                } else if (attr_names[i].type == ATTR_NAME_TYPE_STR)
+                        attr_names[i].offset) = val;
+                } else if (attr_names[i].type == ATTR_NAME_TYPE_STR) {
+                    char *val = av_strdup(value);
+                    if (!val)
+                        return AVERROR(ENOMEM);
                     *(char **)((char *)data+
-                        attr_names[i].offset) = av_strdup(value);
+                        attr_names[i].offset) = val;
+                }
             }
         }
     }