diff options
| author | Darren Salt <linux@youmustbejoking.demon.co.uk> | 2009-01-05 14:50:58 +0000 |
|---|---|---|
| committer | Darren Salt <linux@youmustbejoking.demon.co.uk> | 2009-01-05 14:50:58 +0000 |
| commit | 5347abe5764b0a0ff3ef1d357ce9934a425758fa (patch) | |
| tree | 16114922f1fe3862535ef1898da393648522d48b /src/combined/ffmpeg/ff_audio_decoder.c | |
| parent | 0907a74b5fa7b8b439f1f8f5db239c7586bfb12d (diff) | |
| parent | 8f725b5644ac910294fbe28929ddc98cd1d2ad38 (diff) | |
| download | xine-lib-5347abe5764b0a0ff3ef1d357ce9934a425758fa.tar.gz xine-lib-5347abe5764b0a0ff3ef1d357ce9934a425758fa.tar.bz2 | |
Merge security fixes.
Diffstat (limited to 'src/combined/ffmpeg/ff_audio_decoder.c')
| -rw-r--r-- | src/combined/ffmpeg/ff_audio_decoder.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/combined/ffmpeg/ff_audio_decoder.c b/src/combined/ffmpeg/ff_audio_decoder.c index 2a6c04dd3..a9f630506 100644 --- a/src/combined/ffmpeg/ff_audio_decoder.c +++ b/src/combined/ffmpeg/ff_audio_decoder.c @@ -249,6 +249,8 @@ static void ff_audio_decode_data (audio_decoder_t *this_gen, buf_element_t *buf) if (extradata + data_len > this->size) break; /* abort early - extradata length is bad */ + if (extradata > INT_MAX - data_len) + break;/*integer overflow*/ this->context->extradata_size = data_len; this->context->extradata = malloc(this->context->extradata_size + |