[FFmpeg-cvslog] avidec: Check that the header chunks fit in the available filesize.
Michael Niedermayer
git at videolan.org
Fri Dec 16 06:25:16 CET 2011
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Fri Dec 16 06:13:04 2011 +0100| [62adc60b97d854507d07a21b2f370ab5c69e6b7b] | committer: Michael Niedermayer
avidec: Check that the header chunks fit in the available filesize.
Fixes Ticket771
Bug found by: Diana Elena Muscalu
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=62adc60b97d854507d07a21b2f370ab5c69e6b7b
---
libavformat/avidec.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/libavformat/avidec.c b/libavformat/avidec.c
index 05f5d58..ec543d7 100644
--- a/libavformat/avidec.c
+++ b/libavformat/avidec.c
@@ -387,6 +387,11 @@ static int avi_read_header(AVFormatContext *s, AVFormatParameters *ap)
tag = avio_rl32(pb);
size = avio_rl32(pb);
+ if(size > avi->fsize){
+ av_log(s, AV_LOG_ERROR, "chunk size is too big during header parsing\n");
+ goto fail;
+ }
+
print_tag("tag", tag, size);
switch(tag) {
More information about the ffmpeg-cvslog
mailing list