[FFmpeg-cvslog] r22271 - trunk/libavformat/matroskadec.c
conrad
subversion
Sun Mar 7 03:26:30 CET 2010
Author: conrad
Date: Sun Mar 7 03:26:30 2010
New Revision: 22271
Log:
matroskadec: Fix a buffer overread
Modified:
trunk/libavformat/matroskadec.c
Modified: trunk/libavformat/matroskadec.c
==============================================================================
--- trunk/libavformat/matroskadec.c Sun Mar 7 00:36:30 2010 (r22270)
+++ trunk/libavformat/matroskadec.c Sun Mar 7 03:26:30 2010 (r22271)
@@ -1676,6 +1676,11 @@ static int matroska_parse_block(Matroska
int offset = 0, pkt_size = lace_size[n];
uint8_t *pkt_data = data;
+ if (lace_size[n] > size) {
+ av_log(matroska->ctx, AV_LOG_ERROR, "Invalid packet size\n");
+ break;
+ }
+
if (encodings && encodings->scope & 1) {
offset = matroska_decode_buffer(&pkt_data,&pkt_size, track);
if (offset < 0)
@@ -1727,6 +1732,7 @@ static int matroska_parse_block(Matroska
if (timecode != AV_NOPTS_VALUE)
timecode = duration ? timecode + duration : AV_NOPTS_VALUE;
data += lace_size[n];
+ size -= lace_size[n];
}
}
More information about the ffmpeg-cvslog
mailing list