[FFmpeg-devel] [PATCH] avformat/3dostr: Check remaining buffer in probe before 8 byte step

Michael Niedermayer michael at niedermayer.cc
Sat Sep 19 01:26:36 EEST 2020


Fixes: segfault
Fixes: signal_sigabrt_7ffff6ae7cc9_7213_0d6457b9d6897fa7c78507fa5de53510.ts
Regression since: 3ac45bf66561a667260cac37223c0393f7333fca

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
 libavformat/3dostr.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/libavformat/3dostr.c b/libavformat/3dostr.c
index 2d92b46570..2a35d661c3 100644
--- a/libavformat/3dostr.c
+++ b/libavformat/3dostr.c
@@ -29,10 +29,9 @@ static int threedostr_probe(const AVProbeData *p)
         unsigned chunk = AV_RL32(p->buf + i);
         unsigned size  = AV_RB32(p->buf + i + 4);
 
-        i += 8;
         if (size < 8 || p->buf_size - i < size)
             return 0;
-
+        i += 8;
         size -= 8;
         switch (chunk) {
         case MKTAG('C','T','R','L'):
-- 
2.17.1



More information about the ffmpeg-devel mailing list