wtvdec: fix name_size check to consider integer overflows.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

wtvdec: fix name_size check to consider integer overflows.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
c42efad3 · Michael Niedermayer · 83c7803f · c42efad3
Commit c42efad3 authored Apr 14, 2012 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

wtvdec.c libavformat/wtvdec.c +1 -1

No files found.
--- a/libavformat/wtvdec.c
+++ b/libavformat/wtvdec.c
@@ -258,7 +258,7 @@ static AVIOContext * wtvfile_open2(AVFormatContext *s, const uint8_t *buf, int b
        dir_length  = AV_RL16(buf + 16);
        file_length = AV_RL64(buf + 24);
        name_size   = 2 * AV_RL32(buf + 32);
-        if (buf + 48 + name_size > buf_end) {
+        if (buf + 48 + (int64_t)name_size > buf_end || name_size<0) {
            av_log(s, AV_LOG_ERROR, "filename exceeds buffer size; remaining directory entries ignored\n");
            break;
        }