diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2005-01-08 14:21:33 +0000 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2005-01-08 14:21:33 +0000 |
| commit | 568e18b15e2ddf494fd8926707d34ca08c8edce5 (patch) | |
| tree | 18f59992848e24c529a01bd98aed66af3762b2d1 /libavformat/http.c | |
| parent | 934b0821dbb8fb33b2736fe4aab09fc2b6cc8ccc (diff) | |
integer overflows, heap corruption
possible arbitrary code execution cannot be ruled out in some cases
precautionary checks
Originally committed as revision 3813 to svn://svn.ffmpeg.org/ffmpeg/trunk
Diffstat (limited to 'libavformat/http.c')
| -rw-r--r-- | libavformat/http.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/libavformat/http.c b/libavformat/http.c index d8ab4d3f44..85b1f319bd 100644 --- a/libavformat/http.c +++ b/libavformat/http.c @@ -290,12 +290,16 @@ URLProtocol http_protocol = { static char *b64_encode( unsigned char *src ) { static const char b64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - - char *dst = av_malloc( strlen( src ) * 4 / 3 + 12 ); - char *ret = dst; + unsigned int len= strlen(src); + char *ret, *dst; unsigned i_bits = 0; unsigned i_shift = 0; - + + if(len < UINT_MAX/4){ + ret=dst= av_malloc( len * 4 / 3 + 12 ); + }else + return NULL; + for( ;; ) { if( *src ) |