[FFmpeg-devel] [PATCH] mkv 0-byte integer parsing

Reimar Döffinger Reimar.Doeffinger
Sun Sep 5 17:51:53 CEST 2010


On Sun, Sep 05, 2010 at 04:22:43PM +0200, Sebastian Hagen wrote:
> Index: libavformat/matroskadec.c
> ===================================================================
> --- libavformat/matroskadec.c	(revision 25042)
> +++ libavformat/matroskadec.c	(working copy)
> @@ -583,7 +583,7 @@
>  {
>      int n = 0;
>  
> -    if (size < 1 || size > 8)
> +    if (size > 8)
>          return AVERROR_INVALIDDATA;

AFAIK this makes it also accept negative size (and it seems it
always accepted a length value like
0xffff00000001
treating it as "1".
Attached patch adds a length check for that case (this is independant
of this patch though).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mkvlen.diff
Type: text/x-diff
Size: 1432 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20100905/637a7b4c/attachment.diff>



More information about the ffmpeg-devel mailing list