497cc0cdd9
(stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c) -add (a modified version of) the ffmpeg 4xm patch which fixes possible memory corruption bump PKGREVISION
20 lines
909 B
Text
20 lines
909 B
Text
$NetBSD: patch-aq,v 1.1 2009/02/02 19:20:49 drochner Exp $
|
|
|
|
--- libavformat/4xm.c.orig 2009-01-29 13:36:59.000000000 +0100
|
|
+++ libavformat/4xm.c
|
|
@@ -163,10 +163,13 @@ static int fourxm_read_header(AVFormatCo
|
|
return AVERROR_INVALIDDATA;
|
|
}
|
|
current_track = AV_RL32(&header[i + 8]);
|
|
+ if((unsigned)current_track >= UINT_MAX / sizeof(AudioTrack) - 1){
|
|
+ av_log(s, AV_LOG_ERROR, "current_track too large\n");
|
|
+ av_free(header);
|
|
+ return AVERROR_INVALIDDATA;
|
|
+ }
|
|
if (current_track + 1 > fourxm->track_count) {
|
|
fourxm->track_count = current_track + 1;
|
|
- if((unsigned)fourxm->track_count >= UINT_MAX / sizeof(AudioTrack))
|
|
- return -1;
|
|
fourxm->tracks = av_realloc(fourxm->tracks,
|
|
fourxm->track_count * sizeof(AudioTrack));
|
|
if (!fourxm->tracks) {
|