idcin: check chunk_size value before using it

Fixes integer overflow. Fixes CID732223. Signed-off-by: Paul B Mahol <onemda@gmail.com>

idcin: check chunk_size value before using it
Fixes integer overflow. Fixes CID732223. Signed-off-by: Paul B Mahol <onemda@gmail.com>
295218f5 · Paul B Mahol · 3f814891 · 295218f5
Commit 295218f5 authored Oct 15, 2012 by Paul B Mahol
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

idcin.c libavformat/idcin.c +2 -0

No files found.
--- a/libavformat/idcin.c
+++ b/libavformat/idcin.c
@@ -256,6 +256,8 @@ static int idcin_read_packet(AVFormatContext *s,
        chunk_size = avio_rl32(pb);
        /* skip the number of decoded bytes (always equal to width * height) */
        avio_skip(pb, 4);
+        if (chunk_size < 4)
+            return AVERROR_INVALIDDATA;
        chunk_size -= 4;
        ret= av_get_packet(pb, pkt, chunk_size);
        if (ret < 0)