mirror of
https://git.ffmpeg.org/ffmpeg.git
synced 2025-12-12 18:10:13 +01:00
db374790c7
The return type of strlen is size_t, i.e. unsigned, so if pd->buf_size is 3, the right side overflows leading to a wrong result of the comparison and subsequently a heap buffer overflow. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
7.8 KiB
7.8 KiB