[FFmpeg-devel] [PATCH 2/3] cafdec: prevent overreading the info chunk

Anton Khirnov anton
Thu Mar 3 13:51:56 CET 2011


---
 libavformat/cafdec.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c
index d98c4bf..715dfdf 100644
--- a/libavformat/cafdec.c
+++ b/libavformat/cafdec.c
@@ -182,11 +182,12 @@ static void read_info_chunk(AVFormatContext *s, int64_t size)
     AVIOContext *pb = s->pb;
     unsigned int i;
     unsigned int nb_entries = avio_rb32(pb);
+    size -= 4;
     for (i = 0; i < nb_entries; i++) {
         char key[32];
         char value[1024];
-        get_strz(pb, key, sizeof(key));
-        get_strz(pb, value, sizeof(value));
+        size -= avio_get_str(pb, size, key,   sizeof(key));
+        size -= avio_get_str(pb, size, value, sizeof(value));
         av_metadata_set2(&s->metadata, key, value, 0);
     }
 }
-- 
1.7.4.1




More information about the ffmpeg-devel mailing list