avformat/mxfdec: Check size to avoid integer overflow in mxf_read_utf16_string()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/mxfdec: Check size to avoid integer overflow in mxf_read_utf16_string()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
fecb3e82 · Michael Niedermayer · c495f4ff · fecb3e82
Commit fecb3e82 authored Oct 21, 2016 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

mxfdec.c libavformat/mxfdec.c +1 -1

No files found.
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -717,7 +717,7 @@ static inline int mxf_read_utf16_string(AVIOContext *pb, int size, char** str, i
    int ret;
    size_t buf_size;

-    if (size < 0)
+    if (size < 0 || size > INT_MAX/2)
        return AVERROR(EINVAL);

    buf_size = size + size / 2 + 1;