Commit 889ad93c authored by Andreas Rheinhardt's avatar Andreas Rheinhardt

fftools/ffmpeg_opt: Check attachment filesize

The data of an attachment file is put into an AVCodecParameter's
extradata. The corresponding size field has type int, yet there was no
check for the size to fit into an int. As a consequence, it was possible
to create extradata with negative size (by using a big enough max_alloc).

Other errors were also possible: If SIZE_MAX < INT64_MAX (e.g. on 32bit
systems) then the file size might be truncated before the allocation;
and avio_read() takes an int, too, so one would not have read as much
as one desired.

Furthermore, the extradata is now padded as is required.
Reviewed-by: 's avatarMichael Niedermayer <michael@niedermayer.cc>
Signed-off-by: 's avatarAndreas Rheinhardt <andreas.rheinhardt@gmail.com>
parent d1e52e39
...@@ -2432,12 +2432,14 @@ loop_end: ...@@ -2432,12 +2432,14 @@ loop_end:
o->attachments[i]); o->attachments[i]);
exit_program(1); exit_program(1);
} }
if (!(attachment = av_malloc(len))) { if (len > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE ||
av_log(NULL, AV_LOG_FATAL, "Attachment %s too large to fit into memory.\n", !(attachment = av_malloc(len + AV_INPUT_BUFFER_PADDING_SIZE))) {
av_log(NULL, AV_LOG_FATAL, "Attachment %s too large.\n",
o->attachments[i]); o->attachments[i]);
exit_program(1); exit_program(1);
} }
avio_read(pb, attachment, len); avio_read(pb, attachment, len);
memset(attachment + len, 0, AV_INPUT_BUFFER_PADDING_SIZE);
ost = new_attachment_stream(o, oc, -1); ost = new_attachment_stream(o, oc, -1);
ost->stream_copy = 0; ost->stream_copy = 0;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment