[FFmpeg-devel] [PATCH v2 7/8] avformat/wavdec: fix s337m/spdif probing beyond data_end
Carl Eugen Hoyos
ceffmpeg at gmail.com
Wed Jan 15 14:39:09 EET 2020
Am Mi., 15. Jan. 2020 um 11:56 Uhr schrieb Nicolas Gaullier
<nicolas.gaullier at cji.paris>:
>
> ---
> libavformat/wavdec.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavformat/wavdec.c b/libavformat/wavdec.c
> index 3571733817..d8a27c79cf 100644
> --- a/libavformat/wavdec.c
> +++ b/libavformat/wavdec.c
> @@ -77,7 +77,7 @@ static void set_spdif_s337m(AVFormatContext *s, WAVDemuxContext *wav)
> ret = AVERROR(ENOMEM);
> } else {
> int64_t pos = avio_tell(s->pb);
> - len = ret = avio_read(s->pb, buf, len);
> + len = ret = avio_read(s->pb, buf, FFMIN(len, wav->data_end - pos));
Sorry if this was already answered:
What exactly does this fix? Is it possible that avio_read() overreads without
this check?
Carl Eugen
More information about the ffmpeg-devel
mailing list