Message ID | 20200919193109.31148-4-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | bc0e776c9aaf06f437bf21e05a713fd54dc85400 |
Headers | show |
Series | [FFmpeg-devel,1/5] avcodec/sonic: Check for overread | expand |
Context | Check | Description |
---|---|---|
andriy/default | pending | |
andriy/make | success | Make finished |
andriy/make_fate | success | Make fate finished |
On Sat, Sep 19, 2020 at 09:31:08PM +0200, Michael Niedermayer wrote: > Fixes: Integer overflow (no testcase) > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/ansi.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > ok
On Sat, Sep 19, 2020 at 09:47:45PM +0200, Paul B Mahol wrote: > On Sat, Sep 19, 2020 at 09:31:08PM +0200, Michael Niedermayer wrote: > > Fixes: Integer overflow (no testcase) > > > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavcodec/ansi.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > ok will apply thx [...]
diff --git a/libavcodec/ansi.c b/libavcodec/ansi.c index 516d07db69..272185230d 100644 --- a/libavcodec/ansi.c +++ b/libavcodec/ansi.c @@ -431,7 +431,8 @@ static int decode_frame(AVCodecContext *avctx, s->args[s->nb_args] = FFMAX(s->args[s->nb_args], 0) * 10 + buf[0] - '0'; break; case ';': - s->nb_args++; + if (s->nb_args < MAX_NB_ARGS) + s->nb_args++; if (s->nb_args < MAX_NB_ARGS) s->args[s->nb_args] = 0; break;
Fixes: Integer overflow (no testcase) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/ansi.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)