smacker: Avoid integer overflow when allocating packets

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st>

smacker: Avoid integer overflow when allocating packets
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st>
710b0e27 · Martin Storsjö · 8d928023 · 710b0e27
Commit 710b0e27 authored Sep 11, 2013 by Martin Storsjö
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

smacker.c libavformat/smacker.c +1 -1

No files found.
--- a/libavformat/smacker.c
+++ b/libavformat/smacker.c
@@ -327,7 +327,7 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt)
            }
            flags >>= 1;
        }
-        if (frame_size < 0)
+        if (frame_size < 0 || frame_size >= INT_MAX/2)
            return AVERROR_INVALIDDATA;
        if (av_new_packet(pkt, frame_size + 769))
            return AVERROR(ENOMEM);