rtp: Fix integer underflow that could allow remote code execution.

Fixes MSVR-11-0088 Credit: Jeong Wook Oh of Microsoft and Microsoft Vulnerability Research (MSVR) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

rtp: Fix integer underflow that could allow remote code execution.
Fixes MSVR-11-0088 Credit: Jeong Wook Oh of Microsoft and Microsoft Vulnerability Research (MSVR) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
ba9a7e0d · Michael Niedermayer · 3961695b · ba9a7e0d
Commit ba9a7e0d authored Sep 07, 2011 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

rtpdec_asf.c libavformat/rtpdec_asf.c +2 -0

No files found.
--- a/libavformat/rtpdec_asf.c
+++ b/libavformat/rtpdec_asf.c
@@ -235,6 +235,8 @@ static int asfrtp_parse_packet(AVFormatContext *s, PayloadContext *asf,
                int prev_len = out_len;
                out_len += cur_len;
                asf->buf = av_realloc(asf->buf, out_len);
+                if(!asf->buf || FFMIN(cur_len, len - off)<0)
+                    return -1;
                memcpy(asf->buf + prev_len, buf + off,
                       FFMIN(cur_len, len - off));
                avio_skip(pb, cur_len);