smacker: Avoid integer overflow when allocating packets
authorMartin Storsjö <martin@martin.st>
Wed, 11 Sep 2013 12:25:13 +0000 (15:25 +0300)
committerLuca Barbato <lu_zero@gentoo.org>
Tue, 7 Jan 2014 08:43:56 +0000 (09:43 +0100)
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 710b0e27025948b7511821c2f888ff2d74a59e14)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
libavformat/smacker.c

index 3d5a3b8..92b91b7 100644 (file)
@@ -320,7 +320,7 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt)
             }
             flags >>= 1;
         }
-        if (frame_size < 0)
+        if (frame_size < 0 || frame_size >= INT_MAX/2)
             return AVERROR_INVALIDDATA;
         if (av_new_packet(pkt, frame_size + 769))
             return AVERROR(ENOMEM);