diff mbox series

[FFmpeg-devel,4/9] avformat/evcdec: use an unsigned type for nalu_size

Message ID 20230620144042.9629-4-jamrial@gmail.com
State Accepted
Commit d0d20f16ce4de0d814b7dac28fa18c666b7a8a85
Series [FFmpeg-devel,1/9] avformat/evcdec: ensure there are enough bytes to seekback

Checks

Context Check Description
yinshiyou/make_loongarch64 success Make finished
yinshiyou/make_fate_loongarch64 fail Make fate failed
andriy/make_x86 success Make finished
andriy/make_fate_x86 fail Make fate failed

Commit Message

James Almer June 20, 2023, 2:40 p.m. UTC
But ensure the value returned by evc_read_nal_unit_length() fits in an int.
Should prevent integer overflows later in the code.

Signed-off-by: James Almer <jamrial@gmail.com>
---
 libavformat/evcdec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Patch

diff --git a/libavformat/evcdec.c b/libavformat/evcdec.c
index 842258d229..ef743028ae 100644
--- a/libavformat/evcdec.c
+++ b/libavformat/evcdec.c
@@ -181,7 +181,7 @@  fail:
 static int evc_read_packet(AVFormatContext *s, AVPacket *pkt)
 {
     int ret;
-    int32_t nalu_size;
+    uint32_t nalu_size;
     int au_end_found = 0;
     EVCDemuxContext *const c = s->priv_data;
 
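Review bot: Changing the declaration to `uint32_t nalu_size;` changes how every later comparison or arithmetic expression in evc_read_packet() that mixes nalu_size with signed values such as `int ret` is evaluated. The rest of the function is not part of this hunk, so please confirm that no remaining use depends on a negative value or passes nalu_size to an int parameter before the range check has run. A short comment at the declaration stating that the value is validated to lie in 1..INT_MAX before use would document the invariant the commit message relies on.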
@@ -200,7 +200,7 @@  static int evc_read_packet(AVFormatContext *s, AVPacket *pkt)
             return ret;
 
         nalu_size = read_nal_unit_length((const uint8_t *)&buf, EVC_NALU_LENGTH_PREFIX_SIZE);
-        if (nalu_size <= 0)
+        if (!nalu_size || nalu_size > INT_MAX)
             return AVERROR_INVALIDDATA;
 
         avio_seek(s->pb, -EVC_NALU_LENGTH_PREFIX_SIZE, SEEK_CUR);
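Review bot: The new bound `nalu_size > INT_MAX` in the check after read_nal_unit_length() leaves no headroom. The avio_seek() that follows rewinds by EVC_NALU_LENGTH_PREFIX_SIZE, so if the subsequent read requests nalu_size plus the prefix, a value at or near INT_MAX can still overflow a signed int. Consider `nalu_size > INT_MAX - EVC_NALU_LENGTH_PREFIX_SIZE` instead. INT_MAX also needs <limits.h> and this patch adds no include, so check that it is already pulled in by this file. The return value of avio_seek() on the last context line is ignored, which is worth handling while this path is being hardened.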