Commit 13164467 authored by Martin Storsjö's avatar Martin Storsjö

http: Check for negative chunk sizes

A negative chunk size is illegal and would end up used as
length for memcpy, where it would lead to memory accesses
out of bounds.
Found-by: 's avatarPaul Cher <paulcher@icloud.com>

CC: libav-stable@libav.org
Signed-off-by: 's avatarMartin Storsjö <martin@martin.st>
parent 0b77a593
...@@ -784,8 +784,9 @@ static int http_read_stream(URLContext *h, uint8_t *buf, int size) ...@@ -784,8 +784,9 @@ static int http_read_stream(URLContext *h, uint8_t *buf, int size)
av_log(NULL, AV_LOG_TRACE, "Chunked encoding data size: %"PRId64"'\n", av_log(NULL, AV_LOG_TRACE, "Chunked encoding data size: %"PRId64"'\n",
s->chunksize); s->chunksize);
if (s->chunksize < 0)
if (!s->chunksize) return AVERROR_INVALIDDATA;
else if (!s->chunksize)
return 0; return 0;
break; break;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment