From d11b5e6096b888caa7e6c4d159f6c0c44d0ca83d Mon Sep 17 00:00:00 2001
From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Date: Fri, 22 Mar 2024 15:24:47 +0100
Subject: [PATCH] avutil/frame: Use av_realloc_array(), improve overflow check
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Also use sizeof of the proper type, namely sizeof(**sd)
and not sizeof(*sd).

Reviewed-by: Jan Ekström <jeebjp@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
 libavutil/frame.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/libavutil/frame.c b/libavutil/frame.c
index 7dd37e5490..d7a32cdc92 100644
--- a/libavutil/frame.c
+++ b/libavutil/frame.c
@@ -721,10 +721,11 @@ static AVFrameSideData *add_side_data_from_buf(AVFrameSideData ***sd,
     if (!buf)
         return NULL;
 
-    if (*nb_sd > INT_MAX / sizeof(*sd) - 1)
+    // *nb_sd + 1 needs to fit into an int and a size_t.
+    if ((unsigned)*nb_sd >= FFMIN(INT_MAX, SIZE_MAX))
         return NULL;
 
-    tmp = av_realloc(*sd, (*nb_sd + 1) * sizeof(*sd));
+    tmp = av_realloc_array(*sd, sizeof(**sd), *nb_sd + 1);
     if (!tmp)
         return NULL;
     *sd = tmp;