[FFmpeg-cvslog] avcodec/dvdsub_parser: Check buf_size before reading 32bit packet size

Michael Niedermayer git at videolan.org
Fri Aug 8 16:28:06 CEST 2014


ffmpeg | branch: release/1.1 | Michael Niedermayer <michaelni at gmx.at> | Sat Aug  2 01:15:37 2014 +0200| [1298aa83180edeb49cf7e4038e5a5edfc245cf43] | committer: Michael Niedermayer

avcodec/dvdsub_parser: Check buf_size before reading 32bit packet size

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 81c1657a593b1c0f8e46fca00ead1d30ee1cd418)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1298aa83180edeb49cf7e4038e5a5edfc245cf43
---

 libavcodec/dvdsub_parser.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavcodec/dvdsub_parser.c b/libavcodec/dvdsub_parser.c
index 9a6457e..07ed4f7 100644
--- a/libavcodec/dvdsub_parser.c
+++ b/libavcodec/dvdsub_parser.c
@@ -45,8 +45,9 @@ static int dvdsub_parse(AVCodecParserContext *s,
     DVDSubParseContext *pc = s->priv_data;
 
     if (pc->packet_index == 0) {
-        if (buf_size < 2)
+        if (buf_size < 2 || AV_RB16(buf) && buf_size < 6) {
             return buf_size;
+        }
         pc->packet_len = AV_RB16(buf);
         if (pc->packet_len == 0) /* HD-DVD subpicture packet */
             pc->packet_len = AV_RB32(buf+2);



More information about the ffmpeg-cvslog mailing list