avformat/wavdec: Check chunk_size

Fixes integer overflow and out of array access Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: 李赞 <lizan@ruc.edu.cn> 2017-05-10 14:55:34 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2017-05-10 15:21:17 +0200
commit: 3d232196372f309a75ed074c4cef30578eec1782 (patch)
tree: 9e00bb6061eb504732b562ffba756b0443f25dbf /libavformat/wavdec.c
parent: 5871adc90f8c1037535563e33ebeaf032bb4d5d6 (diff)
download: ffmpeg-3d232196372f309a75ed074c4cef30578eec1782.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/libavformat/wavdec.c b/libavformat/wavdec.c
index 602ce97530..81dbc9f16e 100644
--- a/libavformat/wavdec.c
+++ b/libavformat/wavdec.c
@@ -841,6 +841,8 @@ static int w64_read_header(AVFormatContext *s)
                 chunk_key[4] = 0;
                 avio_read(pb, chunk_key, 4);
                 chunk_size = avio_rl32(pb);
+                if (chunk_size == UINT32_MAX)
+                    return AVERROR_INVALIDDATA;
 
                 value = av_mallocz(chunk_size + 1);
                 if (!value)
author	李赞 <lizan@ruc.edu.cn>	2017-05-10 14:55:34 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2017-05-10 15:21:17 +0200
commit	3d232196372f309a75ed074c4cef30578eec1782 (patch)
tree	9e00bb6061eb504732b562ffba756b0443f25dbf /libavformat/wavdec.c
parent	5871adc90f8c1037535563e33ebeaf032bb4d5d6 (diff)
download	ffmpeg-3d232196372f309a75ed074c4cef30578eec1782.tar.gz