[FFmpeg-cvslog] matroskadec: check element size against stream limit in ebml_parse_elem()
Michael Niedermayer
git at videolan.org
Sat Aug 4 02:34:20 CEST 2012
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sat Aug 4 02:27:51 2012 +0200| [668c873bedfe9cf415153c3126c8e75d4ec712aa] | committer: Michael Niedermayer
matroskadec: check element size against stream limit in ebml_parse_elem()
Fixes Ticket1195
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=668c873bedfe9cf415153c3126c8e75d4ec712aa
---
libavformat/matroskadec.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index f757632..2c954af 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -945,7 +945,10 @@ static int ebml_parse_elem(MatroskaDemuxContext *matroska,
return ebml_parse_nest(matroska, syntax->def.n, data);
case EBML_PASS: return ebml_parse_id(matroska, syntax->def.n, id, data);
case EBML_STOP: return 1;
- default: return avio_skip(pb,length)<0 ? AVERROR(EIO) : 0;
+ default:
+ if(ffio_limit(pb, length) != length)
+ return AVERROR(EIO);
+ return avio_skip(pb,length)<0 ? AVERROR(EIO) : 0;
}
if (res == AVERROR_INVALIDDATA)
av_log(matroska->ctx, AV_LOG_ERROR, "Invalid element\n");
More information about the ffmpeg-cvslog
mailing list