[FFmpeg-devel] [PATCH] matroskadec: Fix a buffer overread
David Conrad
lessen42
Sun Mar 7 03:27:07 CET 2010
On Mar 6, 2010, at 9:35 AM, Aurelien Jacobs wrote:
> On Fri, Mar 05, 2010 at 10:54:56PM -0500, David Conrad wrote:
>> ---
>> libavformat/matroskadec.c | 6 ++++++
>> 1 files changed, 6 insertions(+), 0 deletions(-)
>>
>> diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
>> index 84d06c7..3ee9f39 100644
>> --- a/libavformat/matroskadec.c
>> +++ b/libavformat/matroskadec.c
>> @@ -1676,6 +1676,11 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data,
>> int offset = 0, pkt_size = lace_size[n];
>> uint8_t *pkt_data = data;
>>
>> + if (lace_size[n] > size) {
>> + av_log(matroska->ctx, AV_LOG_ERROR, "Invalid packet size\n");
>> + continue;
>> + }
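Review bot: the `continue` in the new `lace_size[n] > size` check moves on to the remaining laces after one has already been found to exceed the remaining buffer. Because `continue` skips the rest of the loop body, any step later in the body that would advance past this lace is skipped too, so the following laces are not read from a trustworthy position; `break` stops at the first bad lace instead. The "Invalid packet size" message would also be easier to act on if it reported `lace_size[n]` and `size`.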
>
> Why 'continue' ? I guess that when one lace is broken it's useless
> (or even wrong) to try to read next lace, starting where previous lace
> was supposed to start...
> So I guess that 'break' would be better than 'continue'.
> Except that, patch looks OK.
Applied with 'break'