diff mbox series

[FFmpeg-devel,3/5] avformat/aviobuf: Stop restricting dynamic buffer sizes to INT_MAX/2

Message ID 20200525140801.18889-3-andreas.rheinhardt@gmail.com
State Accepted
Commit fa0bc627c5d83f5d8c8f16dec3f46d8c66304488
Headers show
Series [FFmpeg-devel,1/5] avformat/aviobuf: Don't check for overflow after it happened
Related show

Checks

Context Check Description
andriy/default pending
andriy/make success Make finished
andriy/make_fate success Make fate finished

Commit Message

Andreas Rheinhardt May 25, 2020, 2:07 p.m. UTC
This has originally been done in 568e18b15e2ddf494fd8926707d34ca08c8edce5
as a precaution against integer overflows, but it is actually easy to
support the full range of int without overflows.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
 libavformat/aviobuf.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c
index fcde7e8510..688c7c50fd 100644
--- a/libavformat/aviobuf.c
+++ b/libavformat/aviobuf.c
@@ -1276,7 +1276,7 @@  static int dyn_buf_write(void *opaque, uint8_t *buf, int buf_size)
 
     /* reallocate buffer if needed */
     new_size = (unsigned)d->pos + buf_size;
-    if (new_size < d->pos || new_size > INT_MAX/2)
+    if (new_size < d->pos || new_size > INT_MAX)
         return -1;
     if (new_size > d->allocated_size) {
         unsigned new_allocated_size = d->allocated_size ? d->allocated_size
@@ -1285,6 +1285,8 @@  static int dyn_buf_write(void *opaque, uint8_t *buf, int buf_size)
         while (new_size > new_allocated_size)
             new_allocated_size += new_allocated_size / 2 + 1;
 
+        new_allocated_size = FFMIN(new_allocated_size, INT_MAX);
+
         if ((err = av_reallocp(&d->buffer, new_allocated_size)) < 0) {
             d->allocated_size = 0;
             d->size = 0;