avformat/utils: Fix potential integer overflow in extract_extradata()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/utils: Fix potential integer overflow in extract_extradata()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
0a41a8bf · Michael Niedermayer · b4a1ccfc · 0a41a8bf
Commit 0a41a8bf authored Sep 26, 2018 by Michael Niedermayer
Show whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

utils.c libavformat/utils.c +3 -1

No files found.
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -3544,6 +3544,8 @@ static int extract_extradata(AVStream *st, AVPacket *pkt)
                                            &extradata_size);

        if (extradata) {
+            av_assert0(!sti->avctx->extradata);
+            if ((unsigned)extradata_size < FF_MAX_EXTRADATA_SIZE)
                sti->avctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
            if (!sti->avctx->extradata) {
                av_packet_unref(pkt_ref);