[FFmpeg-cvslog] westwooddemuxer: Fix 1gb alloc

Thu Dec 15 21:44:15 CET 2011

ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Thu Dec 15 20:25:50 2011 +0100| [f68b19fc28df0a15fa6134726954365d70dec74f] | committer: Michael Niedermayer

westwooddemuxer: Fix 1gb alloc
Fixes Ticket765
Bug Found by: Diana Elena Muscalu

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f68b19fc28df0a15fa6134726954365d70dec74f
---

 libavformat/westwood.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/libavformat/westwood.c b/libavformat/westwood.c
index d39c4c6..5632650 100644
--- a/libavformat/westwood.c
+++ b/libavformat/westwood.c
@@ -320,8 +320,15 @@ static int wsvqa_read_packet(AVFormatContext *s,
     int skip_byte;
 
     while (avio_read(pb, preamble, VQA_PREAMBLE_SIZE) == VQA_PREAMBLE_SIZE) {
+        int64_t filesize= avio_size(s->pb);
         chunk_type = AV_RB32(&preamble[0]);
         chunk_size = AV_RB32(&preamble[4]);
+
+        if(chunk_size > filesize){
+            av_log(s, AV_LOG_ERROR, "Chunk with size %d truncated\n", chunk_size);
+            chunk_size= filesize;
+        }
+
         skip_byte = chunk_size & 0x01;
 
         if ((chunk_type == SND1_TAG) || (chunk_type == SND2_TAG) || (chunk_type == VQFR_TAG)) {

