[PATCH 3/6] Make sure neither data_size nor sample_count is negative

Tomas Härdin tomas.hardin
Thu Mar 3 15:52:32 CET 2011


---
 libavformat/wav.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/libavformat/wav.c b/libavformat/wav.c
index 7aef85e..dca5db0 100644
--- a/libavformat/wav.c
+++ b/libavformat/wav.c
@@ -236,6 +236,11 @@ static int wav_read_header(AVFormatContext *s,
         avio_rl64(pb); /* RIFF size */
         data_size = avio_rl64(pb);
         sample_count = avio_rl64(pb);
+        if (data_size < 0 || sample_count < 0) {
+            av_log(s, AV_LOG_ERROR, "data_size = %li, sample_count = %li\n",
+                   data_size, sample_count);
+            return AVERROR_INVALIDDATA;
+        }
         avio_seek(pb, size - 16, SEEK_CUR); /* skip rest of ds64 chunk */
     }
 
-- 
1.7.1


--------------030703010608060802000301--



More information about the ffmpeg-devel mailing list