summaryrefslogtreecommitdiff
path: root/libavformat/matroskaenc.c
diff options
context:
space:
mode:
authorAnton Khirnov <anton@khirnov.net>2021-04-04 10:41:59 +0200
committerAnton Khirnov <anton@khirnov.net>2021-04-08 11:03:15 +0200
commit2822bfbbfbc7a0013849758cc557226d48956424 (patch)
treec396716e5fdeaff4f718e6c21ced19bd11013f1d /libavformat/matroskaenc.c
parent19e81034064586eb9873f7972aaa7915bc56c98e (diff)
downloadffmpeg-2822bfbbfbc7a0013849758cc557226d48956424.tar.gz
lavf/matroskaenc: fix avio_printf argument types after bump
Field precision supplied with the '*' specification must be an int. Also, make sure converting those fields to int does not overflow.
Diffstat (limited to 'libavformat/matroskaenc.c')
-rw-r--r--libavformat/matroskaenc.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/libavformat/matroskaenc.c b/libavformat/matroskaenc.c
index bbf231f2a4..609a588f78 100644
--- a/libavformat/matroskaenc.c
+++ b/libavformat/matroskaenc.c
@@ -2143,7 +2143,7 @@ static int mkv_write_vtt_blocks(AVFormatContext *s, AVIOContext *pb, const AVPac
mkv_track *track = &mkv->tracks[pkt->stream_index];
ebml_master blockgroup;
buffer_size_t id_size, settings_size;
- int size;
+ int size, id_size_int, settings_size_int;
const char *id, *settings;
int64_t ts = track->write_dts ? pkt->dts : pkt->pts;
const int flags = 0;
@@ -2156,6 +2156,10 @@ static int mkv_write_vtt_blocks(AVFormatContext *s, AVIOContext *pb, const AVPac
&settings_size);
settings = settings ? settings : "";
+ if (id_size > INT_MAX - 2 || settings_size > INT_MAX - id_size - 2 ||
+ pkt->size > INT_MAX - settings_size - id_size - 2)
+ return AVERROR(EINVAL);
+
size = id_size + 1 + settings_size + 1 + pkt->size;
/* The following string is identical to the one in mkv_write_block so that
@@ -2175,7 +2179,10 @@ static int mkv_write_vtt_blocks(AVFormatContext *s, AVIOContext *pb, const AVPac
put_ebml_num(pb, track->track_num, track->track_num_size);
avio_wb16(pb, ts - mkv->cluster_pts);
avio_w8(pb, flags);
- avio_printf(pb, "%.*s\n%.*s\n%.*s", id_size, id, settings_size, settings, pkt->size, pkt->data);
+
+ id_size_int = id_size;
+ settings_size_int = settings_size;
+ avio_printf(pb, "%.*s\n%.*s\n%.*s", id_size_int, id, settings_size_int, settings, pkt->size, pkt->data);
put_ebml_uint(pb, MATROSKA_ID_BLOCKDURATION, pkt->duration);
end_ebml_master(pb, blockgroup);
@@ -2352,6 +2359,8 @@ static int mkv_write_packet_internal(AVFormatContext *s, const AVPacket *pkt)
} else {
if (par->codec_id == AV_CODEC_ID_WEBVTT) {
duration = mkv_write_vtt_blocks(s, pb, pkt);
+ if (duration < 0)
+ return duration;
} else {
ebml_master blockgroup = start_ebml_master(pb, MATROSKA_ID_BLOCKGROUP,
mkv_blockgroup_size(pkt->size,