Commit 72e715fb authored by michael's avatar michael

Fix remotely exploitable arbitrary code execution vulnerability.

Found by Tobias Klein / tk // trapkit / de /
See: http://www.trapkit.de/advisories/TKADV2009-004.txt


git-svn-id: file:///var/local/repositories/ffmpeg/trunk@16846 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b
parent 82608abe
......@@ -166,12 +166,13 @@ static int fourxm_read_header(AVFormatContext *s,
goto fail;
}
current_track = AV_RL32(&header[i + 8]);
if (current_track + 1 > fourxm->track_count) {
fourxm->track_count = current_track + 1;
if((unsigned)fourxm->track_count >= UINT_MAX / sizeof(AudioTrack)){
if((unsigned)current_track >= UINT_MAX / sizeof(AudioTrack) - 1){
av_log(s, AV_LOG_ERROR, "current_track too large\n");
ret= -1;
goto fail;
}
if (current_track + 1 > fourxm->track_count) {
fourxm->track_count = current_track + 1;
fourxm->tracks = av_realloc(fourxm->tracks,
fourxm->track_count * sizeof(AudioTrack));
if (!fourxm->tracks) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment