diff options
author | Anton Khirnov <anton@khirnov.net> | 2021-04-04 10:41:59 +0200 |
---|---|---|
committer | Anton Khirnov <anton@khirnov.net> | 2021-04-08 11:03:15 +0200 |
commit | 2822bfbbfbc7a0013849758cc557226d48956424 (patch) | |
tree | c396716e5fdeaff4f718e6c21ced19bd11013f1d /libavformat/matroskaenc.c | |
parent | 19e81034064586eb9873f7972aaa7915bc56c98e (diff) | |
download | ffmpeg-2822bfbbfbc7a0013849758cc557226d48956424.tar.gz |
lavf/matroskaenc: fix avio_printf argument types after bump
Field precision supplied with the '*' specification must be an int.
Also, make sure converting those fields to int does not overflow.
Diffstat (limited to 'libavformat/matroskaenc.c')
-rw-r--r-- | libavformat/matroskaenc.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/libavformat/matroskaenc.c b/libavformat/matroskaenc.c index bbf231f2a4..609a588f78 100644 --- a/libavformat/matroskaenc.c +++ b/libavformat/matroskaenc.c @@ -2143,7 +2143,7 @@ static int mkv_write_vtt_blocks(AVFormatContext *s, AVIOContext *pb, const AVPac mkv_track *track = &mkv->tracks[pkt->stream_index]; ebml_master blockgroup; buffer_size_t id_size, settings_size; - int size; + int size, id_size_int, settings_size_int; const char *id, *settings; int64_t ts = track->write_dts ? pkt->dts : pkt->pts; const int flags = 0; @@ -2156,6 +2156,10 @@ static int mkv_write_vtt_blocks(AVFormatContext *s, AVIOContext *pb, const AVPac &settings_size); settings = settings ? settings : ""; + if (id_size > INT_MAX - 2 || settings_size > INT_MAX - id_size - 2 || + pkt->size > INT_MAX - settings_size - id_size - 2) + return AVERROR(EINVAL); + size = id_size + 1 + settings_size + 1 + pkt->size; /* The following string is identical to the one in mkv_write_block so that @@ -2175,7 +2179,10 @@ static int mkv_write_vtt_blocks(AVFormatContext *s, AVIOContext *pb, const AVPac put_ebml_num(pb, track->track_num, track->track_num_size); avio_wb16(pb, ts - mkv->cluster_pts); avio_w8(pb, flags); - avio_printf(pb, "%.*s\n%.*s\n%.*s", id_size, id, settings_size, settings, pkt->size, pkt->data); + + id_size_int = id_size; + settings_size_int = settings_size; + avio_printf(pb, "%.*s\n%.*s\n%.*s", id_size_int, id, settings_size_int, settings, pkt->size, pkt->data); put_ebml_uint(pb, MATROSKA_ID_BLOCKDURATION, pkt->duration); end_ebml_master(pb, blockgroup); @@ -2352,6 +2359,8 @@ static int mkv_write_packet_internal(AVFormatContext *s, const AVPacket *pkt) } else { if (par->codec_id == AV_CODEC_ID_WEBVTT) { duration = mkv_write_vtt_blocks(s, pb, pkt); + if (duration < 0) + return duration; } else { ebml_master blockgroup = start_ebml_master(pb, MATROSKA_ID_BLOCKGROUP, mkv_blockgroup_size(pkt->size, |