[FFmpeg-cvslog] matroskadec: check element size against stream limit in ebml_parse_elem()

Michael Niedermayer git at videolan.org
Sat Aug 4 02:34:20 CEST 2012


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sat Aug  4 02:27:51 2012 +0200| [668c873bedfe9cf415153c3126c8e75d4ec712aa] | committer: Michael Niedermayer

matroskadec: check element size against stream limit in ebml_parse_elem()

Fixes Ticket1195

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=668c873bedfe9cf415153c3126c8e75d4ec712aa
---

 libavformat/matroskadec.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index f757632..2c954af 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -945,7 +945,10 @@ static int ebml_parse_elem(MatroskaDemuxContext *matroska,
                      return ebml_parse_nest(matroska, syntax->def.n, data);
     case EBML_PASS:  return ebml_parse_id(matroska, syntax->def.n, id, data);
     case EBML_STOP:  return 1;
-    default:         return avio_skip(pb,length)<0 ? AVERROR(EIO) : 0;
+    default:
+        if(ffio_limit(pb, length) != length)
+            return AVERROR(EIO);
+        return avio_skip(pb,length)<0 ? AVERROR(EIO) : 0;
     }
     if (res == AVERROR_INVALIDDATA)
         av_log(matroska->ctx, AV_LOG_ERROR, "Invalid element\n");



More information about the ffmpeg-cvslog mailing list