X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=libavformat%2Fiff.c;h=04fe8be4eb80cf0818cc194128b7eb20ce6d9caf;hb=9b72cea4463dd2fabcd9ba1454a0855e521d0148;hp=4cf17f6e1a9503518959f0b2358ef730bd93e13c;hpb=a024c3ce9a502849013a4aa2c0a6de0c9270261c;p=ffmpeg

diff --git a/libavformat/iff.c b/libavformat/iff.c
index 4cf17f6e1a9..04fe8be4eb8 100644
--- a/libavformat/iff.c
+++ b/libavformat/iff.c
@@ -142,7 +142,7 @@ static int get_metadata(AVFormatContext *s,
     return 0;
 }
 
-static int iff_probe(AVProbeData *p)
+static int iff_probe(const AVProbeData *p)
 {
     const uint8_t *d = p->buf;
 
@@ -312,8 +312,8 @@ static int parse_dsd_prop(AVFormatContext *s, AVStream *st, uint64_t eof)
             id3v2_extra_meta = NULL;
             ff_id3v2_read(s, ID3v2_DEFAULT_MAGIC, &id3v2_extra_meta, size);
             if (id3v2_extra_meta) {
-                if ((ret = ff_id3v2_parse_apic(s, &id3v2_extra_meta)) < 0 ||
-                    (ret = ff_id3v2_parse_chapters(s, &id3v2_extra_meta)) < 0) {
+                if ((ret = ff_id3v2_parse_apic(s, id3v2_extra_meta)) < 0 ||
+                    (ret = ff_id3v2_parse_chapters(s, id3v2_extra_meta)) < 0) {
                     ff_id3v2_free_extra_meta(&id3v2_extra_meta);
                     return ret;
                 }
@@ -449,6 +449,9 @@ static int iff_read_header(AVFormatContext *s)
         data_size = iff->is_64bit ? avio_rb64(pb) : avio_rb32(pb);
         orig_pos = avio_tell(pb);
 
+        if (data_size >= INT64_MAX)
+            return AVERROR_INVALIDDATA;
+
         switch(chunk_id) {
         case ID_VHDR:
             st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO;
@@ -525,12 +528,15 @@ static int iff_read_header(AVFormatContext *s)
                         data_size);
                  return AVERROR_INVALIDDATA;
             }
-            st->codecpar->extradata_size = data_size + IFF_EXTRA_VIDEO_SIZE;
-            st->codecpar->extradata      = av_malloc(data_size + IFF_EXTRA_VIDEO_SIZE + AV_INPUT_BUFFER_PADDING_SIZE);
-            if (!st->codecpar->extradata)
-                return AVERROR(ENOMEM);
-            if (avio_read(pb, st->codecpar->extradata + IFF_EXTRA_VIDEO_SIZE, data_size) < 0)
+            res = ff_alloc_extradata(st->codecpar,
+                                     data_size + IFF_EXTRA_VIDEO_SIZE);
+            if (res < 0)
+                return res;
+            if (avio_read(pb, st->codecpar->extradata + IFF_EXTRA_VIDEO_SIZE, data_size) < 0) {
+                av_freep(&st->codecpar->extradata);
+                st->codecpar->extradata_size = 0;
                 return AVERROR(EIO);
+            }
             break;
 
         case ID_BMHD:
@@ -768,10 +774,9 @@ static int iff_read_header(AVFormatContext *s)
         iff->transparency = transparency;
 
         if (!st->codecpar->extradata) {
-            st->codecpar->extradata_size = IFF_EXTRA_VIDEO_SIZE;
-            st->codecpar->extradata      = av_malloc(IFF_EXTRA_VIDEO_SIZE + AV_INPUT_BUFFER_PADDING_SIZE);
-            if (!st->codecpar->extradata)
-                return AVERROR(ENOMEM);
+            int ret = ff_alloc_extradata(st->codecpar, IFF_EXTRA_VIDEO_SIZE);
+            if (ret < 0)
+                return ret;
         }
         av_assert0(st->codecpar->extradata_size >= IFF_EXTRA_VIDEO_SIZE);
         buf = st->codecpar->extradata;