OSDN Git Service
(root)
/
android-x86
/
external-ffmpeg.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
0b77a59
)
http: Check for negative chunk sizes
author
Martin Storsjö
<martin@martin.st>
Thu, 15 Dec 2016 08:24:20 +0000
(10:24 +0200)
committer
Martin Storsjö
<martin@martin.st>
Fri, 23 Dec 2016 19:28:05 +0000
(21:28 +0200)
A negative chunk size is illegal and would end up used as
length for memcpy, where it would lead to memory accesses
out of bounds.
Found-by: Paul Cher <paulcher@icloud.com>
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
libavformat/http.c
patch
|
blob
|
history
diff --git
a/libavformat/http.c
b/libavformat/http.c
index
8fe8d11
..
00cf295
100644
(file)
--- a/
libavformat/http.c
+++ b/
libavformat/http.c
@@
-784,8
+784,9
@@
static int http_read_stream(URLContext *h, uint8_t *buf, int size)
av_log(NULL, AV_LOG_TRACE, "Chunked encoding data size: %"PRId64"'\n",
s->chunksize);
-
- if (!s->chunksize)
+ if (s->chunksize < 0)
+ return AVERROR_INVALIDDATA;
+ else if (!s->chunksize)
return 0;
break;
}
OSDN Git Service
