[FFmpeg-cvslog] avformat/mxfdec: fix klv_decode_ber_length return value usage
Marton Balint
git at videolan.org
Thu May 31 00:14:28 EEST 2018
ffmpeg | branch: master | Marton Balint <cus at passwd.hu> | Sun May 27 20:39:09 2018 +0200| [f932e49aab09ffb150aab45746ac7ee669b22b14] | committer: Marton Balint
avformat/mxfdec: fix klv_decode_ber_length return value usage
Signed-off-by: Marton Balint <cus at passwd.hu>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f932e49aab09ffb150aab45746ac7ee669b22b14
---
libavformat/mxfdec.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 7a42555562..40c9e0c3a9 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -372,6 +372,8 @@ static int64_t klv_decode_ber_length(AVIOContext *pb)
while (bytes_num--)
size = size << 8 | avio_r8(pb);
}
+ if (size > INT64_MAX)
+ return AVERROR_INVALIDDATA;
return size;
}
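Review bot: The new `if (size > INT64_MAX)` guard in klv_decode_ber_length only works if `size` is an unsigned 64-bit variable. Its declaration lies outside the hunk, so that should be confirmed, because with a signed `size` the comparison can never be true. The function now returns either a length or a negative AVERROR through one `int64_t`, and nothing at the definition says so. I would add a comment above it such as `/* Returns the decoded BER length (0..INT64_MAX) or a negative AVERROR code; callers must test for < 0 before using the value as a size. */`. The function body starts before the hunk.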
@@ -390,13 +392,17 @@ static int mxf_read_sync(AVIOContext *pb, const uint8_t *key, unsigned size)
static int klv_read_packet(KLVPacket *klv, AVIOContext *pb)
{
+ int64_t length;
if (!mxf_read_sync(pb, mxf_klv_key, 4))
return AVERROR_INVALIDDATA;
klv->offset = avio_tell(pb) - 4;
memcpy(klv->key, mxf_klv_key, 4);
avio_read(pb, klv->key + 4, 12);
- klv->length = klv_decode_ber_length(pb);
- return klv->length == -1 ? -1 : 0;
+ length = klv_decode_ber_length(pb);
+ if (length < 0)
+ return length;
+ klv->length = length;
+ return 0;
}
static int mxf_get_stream_index(AVFormatContext *s, KLVPacket *klv, int body_sid)
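Review bot: The `avio_read(pb, klv->key + 4, 12);` call in klv_read_packet still ignores its return value. On a truncated or failing input the last 12 key bytes keep whatever the caller's KLVPacket already held, and the length is then decoded from a stream that has presumably hit EOF. Since this commit tightens the error path of the same function, the read could be checked too, e.g. `if (avio_read(pb, klv->key + 4, 12) != 12) return AVERROR_INVALIDDATA;`. Separately, `return length;` narrows an `int64_t` to `int`. That is harmless for AVERROR codes but relies on klv_decode_ber_length never returning a negative value outside the `int` range.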
@@ -486,7 +492,10 @@ static int mxf_decrypt_triplet(AVFormatContext *s, AVPacket *pkt, KLVPacket *klv
av_aes_init(mxf->aesc, s->key, 128, 1);
}
// crypto context
- avio_skip(pb, klv_decode_ber_length(pb));
+ size = klv_decode_ber_length(pb);
+ if (size < 0)
+ return size;
+ avio_skip(pb, size);
// plaintext offset
klv_decode_ber_length(pb);
plaintext_size = avio_rb64(pb);
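Review bot: The `klv_decode_ber_length(pb);` call under `// plaintext offset` still discards its result, so an invalid BER length there goes undetected and `plaintext_size = avio_rb64(pb)` is read regardless. For consistency with the crypto-context check added just above, it could become `size = klv_decode_ber_length(pb);` followed by `if (size < 0) return size;`. The added `size < 0` test also depends on `size` being a signed 64-bit variable, and its declaration is outside the hunk. mxf_decrypt_triplet starts and ends outside the hunk too, so any later calls to klv_decode_ber_length in it would need the same check.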