From 0db5b2b9f8a96298eeba7988d43c4eb44220fab3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 11 May 2015 15:34:28 +0200 Subject: [PATCH] avformat/oggenc: Check ff_vorbiscomment_length in ogg_write_vorbiscomment() Signed-off-by: Michael Niedermayer --- libavformat/oggenc.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavformat/oggenc.c b/libavformat/oggenc.c index ca40063f0d..873dfacbf6 100644 --- a/libavformat/oggenc.c +++ b/libavformat/oggenc.c @@ -282,16 +282,18 @@ static int ogg_buffer_data(AVFormatContext *s, AVStream *st, return 0; } -static uint8_t *ogg_write_vorbiscomment(int offset, int bitexact, +static uint8_t *ogg_write_vorbiscomment(int64_t offset, int bitexact, int *header_len, AVDictionary **m, int framing_bit) { const char *vendor = bitexact ? "ffmpeg" : LIBAVFORMAT_IDENT; - int size; + int64_t size; uint8_t *p, *p0; ff_metadata_conv(m, ff_vorbiscomment_metadata_conv, NULL); size = offset + ff_vorbiscomment_length(*m, vendor) + framing_bit; + if (size > INT_MAX) + return NULL; p = av_mallocz(size); if (!p) return NULL;