Files · 79a14c9a10a6356fa9158e62f206c63833dcc632 · Иван Мажукин / mpd

mp4: fix potential integer overflow bug in the mp4_decode() function · 79a14c9a

authored Sep 12, 2008

A crafted mp4 file could cause an integer overflow in mp4_decode
function in src/inputPlugins/mp4_plugin.c. mp4ff_num_samples()
function returns some tainted value. sizeof(float) * numSamples is an
integer overflow operation if numSamples is too huge, so xmalloc will
allocate a small memory region. I constructe a mp4 file, and use
faad2 to open the file. mp4ff_num_samples() returns -1. So I think mpd
bears from the same problem.

79a14c9a

Name	Last commit	Last update
bs		Loading commit data...
doc		Loading commit data...
m4		Loading commit data...
scripts		Loading commit data...
src		Loading commit data...
AUTHORS		Loading commit data...
COPYING		Loading commit data...
ChangeLog		Loading commit data...
INSTALL		Loading commit data...
Makefile.am		Loading commit data...
README		Loading commit data...
TODO		Loading commit data...
UPGRADING		Loading commit data...
autogen.sh		Loading commit data...
build.mk		Loading commit data...
configure.ac		Loading commit data...

README