f44e8cb571
From Brad. FFmpeg contains a type conversion vulnerability while parsing malformed 4X movie files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of FFmpeg or an application using the FFmpeg library.
19 lines
949 B
Plaintext
19 lines
949 B
Plaintext
$OpenBSD: patch-libavformat_4xm_c,v 1.1 2009/01/29 11:30:27 sthen Exp $
|
|
--- libavformat/4xm.c.orig Wed Jan 28 23:23:35 2009
|
|
+++ libavformat/4xm.c Wed Jan 28 23:27:23 2009
|
|
@@ -163,10 +163,12 @@ static int fourxm_read_header(AVFormatContext *s,
|
|
return AVERROR_INVALIDDATA;
|
|
}
|
|
current_track = AV_RL32(&header[i + 8]);
|
|
+ if((unsigned)current_track >= UINT_MAX / sizeof(AudioTrack) - 1){
|
|
+ av_log(s, AV_LOG_ERROR, "current_track too large\n");
|
|
+ return -1;
|
|
+ }
|
|
if (current_track + 1 > fourxm->track_count) {
|
|
fourxm->track_count = current_track + 1;
|
|
- if((unsigned)fourxm->track_count >= UINT_MAX / sizeof(AudioTrack))
|
|
- return -1;
|
|
fourxm->tracks = av_realloc(fourxm->tracks,
|
|
fourxm->track_count * sizeof(AudioTrack));
|
|
if (!fourxm->tracks) {
|