[FFmpeg-cvslog] avidec: Check that the header chunks fit in the available filesize.
Joakim Plate
elupus at ecce.se
Fri Dec 16 10:19:19 CET 2011
> @@ -387,6 +387,11 @@ static int avi_read_header(AVFormatContext *s,
AVFormatParameters *ap)
> tag = avio_rl32(pb);
> size = avio_rl32(pb);
>
> + if(size > avi->fsize){
> + av_log(s, AV_LOG_ERROR, "chunk size is too big during header
parsing\n");
> + goto fail;
> + }
> +
> print_tag("tag", tag, size);
>
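Review bot: The check `if(size > avi->fsize)` compares each chunk's size against the whole file size rather than against the bytes left after the current read position, so a later header chunk whose size runs past the end of the file still passes. Consider bounding it by the remaining bytes instead, for example `avi->fsize - avio_tell(pb)`. Also consider skipping the check when `avi->fsize` is not a reliable size, such as a file that is still being written, so that valid input does not hit `goto fail`.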
This seems like it would only work for the first tag in the file?
After that the remaining size is not fsize but fsize - avio_pos().
Also I'm a bit concerned about growing avi files (only riff size known).
But that may be unjustified.