siff: Fix excessive memory allocation.

Bug found by: Oana Stratulat Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2011-12-18 22:43:19 +0100
committer: Michael Niedermayer <michaelni@gmx.at> 2011-12-18 22:46:29 +0100
commit: 1c73391d7d5e09977bc2c04b247647f69063cf19 (patch)
tree: 0dd2eed113caf1171f3a8b7b4d0e1723f7c02cbb /libavformat/siff.c
parent: af3f2a87da1d37e5f227c1c289f62e84422879c2 (diff)
download: ffmpeg-1c73391d7d5e09977bc2c04b247647f69063cf19.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/libavformat/siff.c b/libavformat/siff.c
index a8d63ee1c0..51dc694e4f 100644
--- a/libavformat/siff.c
+++ b/libavformat/siff.c
@@ -201,7 +201,12 @@ static int siff_read_packet(AVFormatContext *s, AVPacket *pkt)
         }
 
         if (!c->curstrm){
+            int64_t fsize= avio_size(s->pb);
             size = c->pktsize - c->sndsize;
+            if(fsize>0)
+                size= FFMIN(size, fsize - avio_tell(s->pb) + c->gmcsize + 3);
+            if(size < 2 + c->gmcsize || c->pktsize < c->sndsize)
+                return AVERROR_INVALIDDATA;
             if (av_new_packet(pkt, size) < 0)
                 return AVERROR(ENOMEM);
             AV_WL16(pkt->data, c->flags);
author	Michael Niedermayer <michaelni@gmx.at>	2011-12-18 22:43:19 +0100
committer	Michael Niedermayer <michaelni@gmx.at>	2011-12-18 22:46:29 +0100
commit	1c73391d7d5e09977bc2c04b247647f69063cf19 (patch)
tree	0dd2eed113caf1171f3a8b7b4d0e1723f7c02cbb /libavformat/siff.c
parent	af3f2a87da1d37e5f227c1c289f62e84422879c2 (diff)
download	ffmpeg-1c73391d7d5e09977bc2c04b247647f69063cf19.tar.gz