[FFmpeg-cvslog] asfdec: check for too small size in asf_read_unknown
Andreas Cadhalpun
git at videolan.org
Tue Feb 16 18:38:05 CET 2016
ffmpeg | branch: master | Andreas Cadhalpun <andreas.cadhalpun at googlemail.com> | Wed Jan 6 20:59:58 2016 +0100| [bf50607ab76157ba251a01f5baa5cf67b23b2ee9] | committer: Luca Barbato
asfdec: check for too small size in asf_read_unknown
This fixes infinite loops due to seeking back.
Signed-off-by: Alexandra Hájková <alexandra at khirnov.net>
Signed-off-by: Luca Barbato <lu_zero at gentoo.org>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bf50607ab76157ba251a01f5baa5cf67b23b2ee9
---
libavformat/asfdec.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c
index aef61bb..cbab9a2 100644
--- a/libavformat/asfdec.c
+++ b/libavformat/asfdec.c
@@ -190,8 +190,13 @@ static int asf_read_unknown(AVFormatContext *s, const GUIDParseTable *g)
if ((ret = detect_unknown_subobject(s, asf->unknown_offset,
asf->unknown_size)) < 0)
return ret;
- } else
+ } else {
+ if (size < 24) {
+ av_log(s, AV_LOG_ERROR, "Too small size %"PRIu64" (< 24).\n", size);
+ return AVERROR_INVALIDDATA;
+ }
avio_skip(pb, size - 24);
+ }
return 0;
}
More information about the ffmpeg-cvslog
mailing list