[FFmpeg-cvslog] sierravmd: limit packetsize to the amount that could be read.
Michael Niedermayer
git at videolan.org
Sun Dec 25 00:23:39 CET 2011
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sat Dec 24 22:06:25 2011 +0100| [47c4713a23d271eedd2eb2c02daa70cb0ea4e0ac] | committer: Michael Niedermayer
sierravmd: limit packetsize to the amount that could be read.
Fixes huge allocations.
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=47c4713a23d271eedd2eb2c02daa70cb0ea4e0ac
---
libavformat/sierravmd.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/libavformat/sierravmd.c b/libavformat/sierravmd.c
index faf97b2..f614e51 100644
--- a/libavformat/sierravmd.c
+++ b/libavformat/sierravmd.c
@@ -30,6 +30,7 @@
#include "libavutil/intreadwrite.h"
#include "avformat.h"
#include "internal.h"
+#include "avio_internal.h"
#define VMD_HEADER_SIZE 0x0330
#define BYTES_PER_FRAME_RECORD 16
@@ -246,6 +247,8 @@ static int vmd_read_packet(AVFormatContext *s,
/* position the stream (will probably be there already) */
avio_seek(pb, frame->frame_offset, SEEK_SET);
+ if(ffio_limit(pb, frame->frame_size) != frame->frame_size)
+ return AVERROR(EIO);
if (av_new_packet(pkt, frame->frame_size + BYTES_PER_FRAME_RECORD))
return AVERROR(ENOMEM);
pkt->pos= avio_tell(pb);
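Review bot: The new ffio_limit check in vmd_read_packet sits directly after an avio_seek whose return value is ignored, so if the seek to frame->frame_offset fails, the amount that could be read is judged from whatever position the stream was left at and the comparison says nothing about this frame. Check the seek result first and return its error, then apply the limit. The check also bounds only frame->frame_size, while av_new_packet is asked for frame->frame_size + BYTES_PER_FRAME_RECORD; if ffio_limit ever returns the size unchanged (for example when the remaining length cannot be determined, which is an assumption not visible in this patch), a negative or very large frame_size still reaches that addition, so an explicit range check on frame_size before the allocation would make the bound independent of the I/O layer. A truncated file now fails with AVERROR(EIO) and no log message, which is hard to diagnose; an av_log line naming the frame size would help. Minor style point: `if(` lacks the space used by the `if (` on the following statement.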