[FFmpeg-cvslog] pmpdec: check packet sizes
Michael Niedermayer
git at videolan.org
Sun Feb 24 00:45:17 CET 2013
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sat Feb 23 22:05:30 2013 +0100| [066739f6bc628188bdbbd2695196acfd16ec79e1] | committer: Michael Niedermayer
pmpdec: check packet sizes
Reviewed-by: Reimar Döffinger <Reimar.Doeffinger at gmx.de>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=066739f6bc628188bdbbd2695196acfd16ec79e1
---
libavformat/pmpdec.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/libavformat/pmpdec.c b/libavformat/pmpdec.c
index 1ee2e2e..06b2271 100644
--- a/libavformat/pmpdec.c
+++ b/libavformat/pmpdec.c
@@ -49,6 +49,8 @@ static int pmp_header(AVFormatContext *s)
int srate, channels;
int i;
uint64_t pos;
+ int64_t fsize = avio_size(pb);
+
AVStream *vst = avformat_new_stream(s, NULL);
if (!vst)
return AVERROR(ENOMEM);
@@ -100,8 +102,16 @@ static int pmp_header(AVFormatContext *s)
return AVERROR_INVALIDDATA;
}
size >>= 1;
+ if (size < 9 + 4*pmp->num_streams) {
+ av_log(s, AV_LOG_ERROR, "Packet too small\n");
+ return AVERROR_INVALIDDATA;
+ }
av_add_index_entry(vst, pos, i, size, 0, flags);
pos += size;
+ if (fsize > 0 && i == 0 && pos > fsize) {
+ av_log(s, AV_LOG_ERROR, "File ends before first packet\n");
+ return AVERROR_INVALIDDATA;
+ }
}
for (i = 1; i < pmp->num_streams; i++) {
AVStream *ast = avformat_new_stream(s, NULL);
More information about the ffmpeg-cvslog
mailing list