[FFmpeg-cvslog] ape: skip packets with invalid size

Justin Ruggles git at videolan.org
Tue Feb 7 02:03:00 CET 2012


ffmpeg | branch: master | Justin Ruggles <justin.ruggles at gmail.com> | Sat Feb  4 17:08:34 2012 -0500| [f1c3d4a68a743c1b274dc764e54e2df276a7c774] | committer: Justin Ruggles

ape: skip packets with invalid size

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f1c3d4a68a743c1b274dc764e54e2df276a7c774
---

 libavformat/ape.c |    8 ++++++++
 1 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/libavformat/ape.c b/libavformat/ape.c
index 8145db3..4d13e48 100644
--- a/libavformat/ape.c
+++ b/libavformat/ape.c
@@ -379,6 +379,14 @@ static int ape_read_packet(AVFormatContext * s, AVPacket * pkt)
     else
         nblocks = ape->blocksperframe;
 
+    if (ape->frames[ape->currentframe].size <= 0 ||
+        ape->frames[ape->currentframe].size > INT_MAX - extra_size) {
+        av_log(s, AV_LOG_ERROR, "invalid packet size: %d\n",
+               ape->frames[ape->currentframe].size);
+        ape->currentframe++;
+        return AVERROR(EIO);
+    }
+
     if (av_new_packet(pkt,  ape->frames[ape->currentframe].size + extra_size) < 0)
         return AVERROR(ENOMEM);
 



More information about the ffmpeg-cvslog mailing list