[FFmpeg-cvslog] shorten: validate values in fmt chunk search

Michael Niedermayer git at videolan.org
Sun Dec 25 19:07:26 CET 2011


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sun Dec 25 12:31:23 2011 +0100| [5e9a56a0350c518cd4b38845aff49d41a9c952ae] | committer: Michael Niedermayer

shorten: validate values in fmt chunk search

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5e9a56a0350c518cd4b38845aff49d41a9c952ae
---

 libavcodec/shorten.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c
index 1906c69..ef58aaa 100644
--- a/libavcodec/shorten.c
+++ b/libavcodec/shorten.c
@@ -205,7 +205,7 @@ static int decode_wave_header(AVCodecContext *avctx, const uint8_t *header,
 {
     int len;
     short wave_format;
-
+    const uint8_t *end= header + header_size;
 
     if (bytestream_get_le32(&header) != MKTAG('R','I','F','F')) {
         av_log(avctx, AV_LOG_ERROR, "missing RIFF tag\n");
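
Review bot: `end` is derived from `header_size` at the declaration, but the RIFF tag read directly below it is not checked against `end`, so nothing in these lines stops a `header_size` smaller than 4 from being read past before `end` is ever consulted. Consider rejecting a too-small `header_size` before the first `bytestream_get_le32`, unless the caller already guarantees a minimum. As a style point, `*end= header` would match the surrounding code as `*end = header`.
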
@@ -221,6 +221,8 @@ static int decode_wave_header(AVCodecContext *avctx, const uint8_t *header,
 
     while (bytestream_get_le32(&header) != MKTAG('f','m','t',' ')) {
         len = bytestream_get_le32(&header);
+        if(len<0 || end - header - 8 < len)
+            return AVERROR_INVALIDDATA;
         header += len;
     }
     len = bytestream_get_le32(&header);
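
Review bot: in the chunk-skip loop, the `- 8` in `end - header - 8 < len` is unexplained. It appears to reserve room for the next chunk's tag and length field, which the next iteration reads unconditionally, so a one-line comment saying so would keep the invariant from being broken later. The failure path also returns AVERROR_INVALIDDATA silently, whereas the RIFF check earlier in the function logs through av_log; a message here would make truncated or malformed headers diagnosable. The `len` read after the loop for the fmt chunk gets no comparable check against `end` in these lines, and `if(len<0` differs from the `if (` spacing used around it.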


