[FFmpeg-cvslog] omadec: check GEOB sizes against buffer size

Michael Niedermayer git at videolan.org
Mon Apr 16 14:10:23 CEST 2012


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Mon Apr 16 13:51:40 2012 +0200| [e74fa25cb9f29aee8a36df0c8e492f8bafdbe4a0] | committer: Michael Niedermayer

omadec: check GEOB sizes against buffer size

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e74fa25cb9f29aee8a36df0c8e492f8bafdbe4a0
---

 libavformat/omadec.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/libavformat/omadec.c b/libavformat/omadec.c
index 4777c13..c88d4f4 100644
--- a/libavformat/omadec.c
+++ b/libavformat/omadec.c
@@ -219,6 +219,10 @@ static int decrypt_init(AVFormatContext *s, ID3v2ExtraMeta *em, uint8_t *header)
         av_log(s, AV_LOG_ERROR, "Invalid encryption header\n");
         return -1;
     }
+    if (oc->k_size + oc->e_size + oc->i_size > geob->datasize) {
+        av_log(s, AV_LOG_ERROR, "Too little GEOB data\n");
+        return AVERROR_INVALIDDATA;
+    }
     oc->rid = AV_RB32(&gdata[OMA_ENC_HEADER_SIZE + 28]);
     av_log(s, AV_LOG_DEBUG, "RID: %.8x\n", oc->rid);
 
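Review bot: The bound added in the `if` on `oc->k_size + oc->e_size + oc->i_size > geob->datasize` counts only the three variable lengths, while the very next line reads at `gdata[OMA_ENC_HEADER_SIZE + 28]`, so the fixed header in front of that data is left out of the comparison. If the k, e and i blobs are laid out after the header inside `gdata`, a file can pass this check and still be indexed up to OMA_ENC_HEADER_SIZE bytes past `geob->datasize`; consider adding the header size to the left-hand side, or comparing against `geob->datasize - OMA_ENC_HEADER_SIZE` once datasize is known to be at least that large. The field types are not visible in this hunk: if they are wider than 16 bits the sum itself can wrap before the comparison, so checking each length against the remaining space in turn would be safer. Minor: this path returns AVERROR_INVALIDDATA while the "Invalid encryption header" path just above returns -1; it would be good to make the two consistent.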


