siff: Fix excessive memory allocation.

Bug found by: Oana Stratulat Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

siff: Fix excessive memory allocation.
Bug found by: Oana Stratulat Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
1c73391d · Michael Niedermayer · af3f2a87 · 1c73391d
Commit 1c73391d authored Dec 18, 2011 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

siff.c libavformat/siff.c +5 -0

No files found.
--- a/libavformat/siff.c
+++ b/libavformat/siff.c
@@ -201,7 +201,12 @@ static int siff_read_packet(AVFormatContext *s, AVPacket *pkt)
        }

        if (!c->curstrm){
+            int64_t fsize= avio_size(s->pb);
            size = c->pktsize - c->sndsize;
+            if(fsize>0)
+                size= FFMIN(size, fsize - avio_tell(s->pb) + c->gmcsize + 3);
+            if(size < 2 + c->gmcsize || c->pktsize < c->sndsize)
+                return AVERROR_INVALIDDATA;
            if (av_new_packet(pkt, size) < 0)
                return AVERROR(ENOMEM);
            AV_WL16(pkt->data, c->flags);