[FFmpeg-cvslog] riff: fix infinite loop

Tue Feb 5 18:36:08 CET 2013

ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Tue Feb  5 18:31:27 2013 +0100| [a8343bfb6a3f00777943b94ff2969422f578f246] | committer: Michael Niedermayer

riff: fix infinite loop

Fixes Ticket2241

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a8343bfb6a3f00777943b94ff2969422f578f246
---

 libavformat/riff.c |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libavformat/riff.c b/libavformat/riff.c
index 508beb1..0df5c8c 100644
--- a/libavformat/riff.c
+++ b/libavformat/riff.c
@@ -818,7 +818,13 @@ int ff_read_riff_info(AVFormatContext *s, int64_t size)
 
         chunk_code = avio_rl32(pb);
         chunk_size = avio_rl32(pb);
-
+        if (url_feof(pb)) {
+            if (chunk_code || chunk_size) {
+                av_log(s, AV_LOG_WARNING, "INFO subchunk truncated\n");
+                return AVERROR_INVALIDDATA;
+            }
+            break;
+        }
         if (chunk_size > end || end - chunk_size < cur || chunk_size == UINT_MAX) {
             avio_seek(pb, -9, SEEK_CUR);
             chunk_code = avio_rl32(pb);

