[FFmpeg-cvslog] avidec: Check that the header chunks fit in the available filesize.

Joakim Plate elupus at ecce.se
Fri Dec 16 10:19:19 CET 2011


> @@ -387,6 +387,11 @@ static int avi_read_header(AVFormatContext *s, 
AVFormatParameters *ap)
>          tag = avio_rl32(pb);
>          size = avio_rl32(pb);
> 
> +        if(size > avi->fsize){
> +            av_log(s, AV_LOG_ERROR, "chunk size is too big during header 
parsing\n");
> +            goto fail;
> +        }
> +
>          print_tag("tag", tag, size);
> 
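Review bot: In the added `if(size > avi->fsize)` check, the bound is the size of the whole file rather than the bytes left after the current read position in pb, so a chunk further into the header can claim more data than remains and still pass. Consider comparing size against the remaining bytes instead. The hunk also does not show what avi->fsize holds when the file size is unknown, which is worth stating in a comment. Since the check runs before `print_tag("tag", tag, size)`, the rejected tag and size are never logged; adding both to the av_log message would make the failure easier to diagnose.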


This seems like it would only work for the first tag in the file?
After that the remaining size is not fsize but fsize - avio_pos().
Also I'm a bit concerned about growing avi files (only riff size known).
But that may be unjustified.


