[FFmpeg-cvslog] avcodec/utils: add some safety checks to add_metadata_from_side_data()

Michael Niedermayer git at videolan.org
Thu Jan 16 02:46:54 CET 2014


ffmpeg | branch: release/1.2 | Michael Niedermayer <michaelni at gmx.at> | Sat Oct 19 17:52:47 2013 +0200| [252002aec13bbe4cd914ad6ae4658d1723093243] | committer: Michael Niedermayer

avcodec/utils: add some safety checks to add_metadata_from_side_data()

This fixes potential overreads with crafted files.

Found-by: wm4
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 838f461b0716393a1b5c70efd03de1e8bc197380)

Conflicts:

	libavcodec/utils.c

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=252002aec13bbe4cd914ad6ae4658d1723093243
---

 libavcodec/utils.c |    9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index 2fd61e6..969fe0c 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -1647,10 +1647,17 @@ static int add_metadata_from_side_data(AVCodecContext *avctx, AVFrame *frame)
     if (!side_metadata)
         goto end;
     end = side_metadata + size;
+    if (size && end[-1])
+        return AVERROR_INVALIDDATA;
     while (side_metadata < end) {
         const uint8_t *key = side_metadata;
         const uint8_t *val = side_metadata + strlen(key) + 1;
-        int ret = av_dict_set(ff_frame_get_metadatap(frame), key, val, 0);
+        int ret;
+
+        if (val >= end)
+            return AVERROR_INVALIDDATA;
+
+        ret = av_dict_set(ff_frame_get_metadatap(frame), key, val, 0);
         if (ret < 0)
             break;
         side_metadata = val + strlen(val) + 1;
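Review bot: the two new error paths, `if (size && end[-1])` and `if (val >= end)`, leave with `return AVERROR_INVALIDDATA`, while the existing early exit just above them uses `goto end`. If the `end:` label does any cleanup or sets the return value, these returns bypass it, so either use the same exit path or confirm that nothing is skipped. The `val >= end` return can also fire after earlier iterations have already called `av_dict_set()`, leaving the frame with partially populated metadata on an error return; it is worth deciding whether that is acceptable or whether the buffer should be validated in full before any entry is added. A short comment on the `end[-1]` check would help too, since the trailing NUL it enforces is what keeps both `strlen(key)` and `strlen(val)` inside the side data buffer, and that invariant is not obvious from the loop alone.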


