[FFmpeg-cvslog] electronicarts: check size before reading duration out of a chunk.
Michael Niedermayer
git at videolan.org
Sat Nov 17 20:50:47 CET 2012
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sat Nov 17 19:56:26 2012 +0100| [fb1ea777b3a01be6d71a103529ad37982707cacc] | committer: Michael Niedermayer
electronicarts: check size before reading duration out of a chunk.
Fixes null pointer dereference
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fb1ea777b3a01be6d71a103529ad37982707cacc
---
libavformat/electronicarts.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/libavformat/electronicarts.c b/libavformat/electronicarts.c
index 82bc0e2..5b821a9 100644
--- a/libavformat/electronicarts.c
+++ b/libavformat/electronicarts.c
@@ -545,10 +545,12 @@ static int ea_read_packet(AVFormatContext *s,
case AV_CODEC_ID_ADPCM_EA_R1:
case AV_CODEC_ID_ADPCM_EA_R2:
case AV_CODEC_ID_ADPCM_IMA_EA_EACS:
- pkt->duration = AV_RL32(pkt->data);
+ if (pkt->size >= 4)
+ pkt->duration = AV_RL32(pkt->data);
break;
case AV_CODEC_ID_ADPCM_EA_R3:
- pkt->duration = AV_RB32(pkt->data);
+ if (pkt->size >= 4)
+ pkt->duration = AV_RB32(pkt->data);
break;
case AV_CODEC_ID_ADPCM_IMA_EA_SEAD:
pkt->duration = ret * 2 / ea->num_channels;
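Review bot: In the AV_CODEC_ID_ADPCM_EA_R1/R2/IMA_EA_EACS and AV_CODEC_ID_ADPCM_EA_R3 cases, a chunk with pkt->size < 4 now reaches break with pkt->duration never assigned and nothing reported, so a truncated chunk is handed on as if it were valid. Consider an else branch that either sets pkt->duration explicitly or logs a warning and returns AVERROR_INVALIDDATA, so the short-chunk case is visible to callers and to anyone triaging a fuzzed sample. The two guards differ only in AV_RL32 versus AV_RB32; a one-line comment saying the first 4 bytes of the chunk carry the duration would document why 4 is the minimum. The commit message names a null pointer dereference while the guard tests pkt->size; a sentence in the message or a comment on how a short chunk leads to that dereference would make the link explicit.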