Fixes: Invalid read of size 4
Fixes: ASAN_Deadlysignal.zip
Found-by: Hardik Shah <hardik05@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
int64_t size;
int minsize = 8;
/* ignore invalid offset */
- if ((offset + 8) > (unsigned int)p->buf_size)
+ if ((offset + 8ULL) > (unsigned int)p->buf_size)
break;
size = AV_RB32(p->buf + offset);
if (size == 1 && offset + 16 <= (unsigned int)p->buf_size) {
score = FFMAX(score, AVPROBE_SCORE_EXTENSION);
break;
}
+ if (size > INT64_MAX - offset)
+ break;
offset += size;
}
if (score > AVPROBE_SCORE_MAX - 50 && moov_offset != -1) {