Stowage/ffmpeg
2
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2026-06-04 06:30:49 +00:00
Code Issues Projects Releases Packages Wiki Activity

avformat/oggparsevorbis.c: Prevent integer overflow when summing header lengths; add bounds check.

Browse source 
Cherry-picked from 6e0e13b0bf

Signed-off-by: Romain Beauxis <romain.beauxis@gmail.com>
This commit is contained in:
Romain Beauxis 2026-05-21 20:55:41 +00:00
parent d0f9f7a27b
commit fc265ebb9e
1 changed files with 4 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
libavformat/oggparsevorbis.c
View file

@ -223,8 +223,11 @@ static int fixup_vorbis_headers(AVFormatContext *as,
int i, offset, len, err;
int buf_len;
unsigned char *ptr;
uint64_t total_len = (uint64_t)priv->len[0] + priv->len[1] + priv->len[2];
if (total_len + total_len / 255 + 64 > INT_MAX)
return AVERROR_INVALIDDATA;
len = priv->len[0] + priv->len[1] + priv->len[2];
len = total_len;
buf_len = len + len / 255 + 64;
if (*buf)