multimedia/ffmpeg/patches/patch-4xm


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

$NetBSD: patch-4xm,v 1.1 2009/01/29 15:02:13 tron Exp $

Patch for buffer overflow based on this change:
http://svn.ffmpeg.org/ffmpeg/trunk/libavformat/4xm.c?r1=16838&r2=16846

--- libavformat/4xm.c.orig	2009-01-29 14:33:19.000000000 +0000
+++ libavformat/4xm.c	2009-01-29 14:37:44.000000000 +0000
@@ -163,10 +163,12 @@
                 return AVERROR_INVALIDDATA;
             }
             current_track = AV_RL32(&header[i + 8]);
+            if((unsigned)current_track >= UINT_MAX / sizeof(AudioTrack) - 1){
+                av_log(s, AV_LOG_ERROR, "current_track too large\n");
+                return -1;
+            }
             if (current_track + 1 > fourxm->track_count) {
                 fourxm->track_count = current_track + 1;
-                if((unsigned)fourxm->track_count >= UINT_MAX / sizeof(AudioTrack))
-                    return -1;
                 fourxm->tracks = av_realloc(fourxm->tracks,
                     fourxm->track_count * sizeof(AudioTrack));
                 if (!fourxm->tracks) {