Commit b65efbc0 authored by Michael Niedermayer's avatar Michael Niedermayer

avcodec/mpegvideo_enc: Check for integer overflow in ff_mpv_reallocate_putbitbuffer()

Fixes assertion failure
Fixes: 6568d187979ce17878b6fe5fbbb89142/signal_sigabrt_7ffff6ae7cb7_7176_564bbc6741bdcf907f5c4e685c9a77a2.mpg

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: 's avatarMichael Niedermayer <michael@niedermayer.cc>
parent 8248b51e
...@@ -2845,6 +2845,11 @@ int ff_mpv_reallocate_putbitbuffer(MpegEncContext *s, size_t threshold, size_t s ...@@ -2845,6 +2845,11 @@ int ff_mpv_reallocate_putbitbuffer(MpegEncContext *s, size_t threshold, size_t s
uint8_t *new_buffer = NULL; uint8_t *new_buffer = NULL;
int new_buffer_size = 0; int new_buffer_size = 0;
if ((s->avctx->internal->byte_buffer_size + size_increase) >= INT_MAX/8) {
av_log(s->avctx, AV_LOG_ERROR, "Cannot reallocate putbit buffer\n");
return AVERROR(ENOMEM);
}
av_fast_padded_malloc(&new_buffer, &new_buffer_size, av_fast_padded_malloc(&new_buffer, &new_buffer_size,
s->avctx->internal->byte_buffer_size + size_increase); s->avctx->internal->byte_buffer_size + size_increase);
if (!new_buffer) if (!new_buffer)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment