[FFmpeg-cvslog] ape: skip packets with invalid size
Justin Ruggles
git at videolan.org
Tue Feb 7 02:03:00 CET 2012
ffmpeg | branch: master | Justin Ruggles <justin.ruggles at gmail.com> | Sat Feb 4 17:08:34 2012 -0500| [f1c3d4a68a743c1b274dc764e54e2df276a7c774] | committer: Justin Ruggles
ape: skip packets with invalid size
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f1c3d4a68a743c1b274dc764e54e2df276a7c774
---
libavformat/ape.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/libavformat/ape.c b/libavformat/ape.c
index 8145db3..4d13e48 100644
--- a/libavformat/ape.c
+++ b/libavformat/ape.c
@@ -379,6 +379,14 @@ static int ape_read_packet(AVFormatContext * s, AVPacket * pkt)
else
nblocks = ape->blocksperframe;
+ if (ape->frames[ape->currentframe].size <= 0 ||
+ ape->frames[ape->currentframe].size > INT_MAX - extra_size) {
+ av_log(s, AV_LOG_ERROR, "invalid packet size: %d\n",
+ ape->frames[ape->currentframe].size);
+ ape->currentframe++;
+ return AVERROR(EIO);
+ }
+
if (av_new_packet(pkt, ape->frames[ape->currentframe].size + extra_size) < 0)
return AVERROR(ENOMEM);
More information about the ffmpeg-cvslog
mailing list