[FFmpeg-devel] [PATCH 3/3] nutdec: abort if EOF is reached in decode_info_header/read_sm_data

Michael Niedermayer michaelni at gmx.at
Wed May 20 17:28:17 CEST 2015


On Wed, May 20, 2015 at 04:35:21PM +0200, Andreas Cadhalpun wrote:
> On 20.05.2015 03:46, Michael Niedermayer wrote:
> > On Wed, May 20, 2015 at 12:50:00AM +0200, Andreas Cadhalpun wrote:
> >> These loops can take a lot of time if count is very large.
> >>
> >> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> >> ---
> >>  libavformat/nutdec.c | 8 ++++++++
> >>  1 file changed, 8 insertions(+)
> >>
> >> diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
> >> index e979ee6..ad61d7e 100644
> >> --- a/libavformat/nutdec.c
> >> +++ b/libavformat/nutdec.c
> >> @@ -524,6 +524,10 @@ static int decode_info_header(NUTContext *nut)
> >>      }
> >>  
> >>      for (i = 0; i < count; i++) {
> >> +        if (bc->eof_reached) {
> >> +            av_log(s, AV_LOG_ERROR, "reached EOF while decoding info header\n");
> >> +            return AVERROR_INVALIDDATA;
> >> +        }
> >>          get_str(bc, name, sizeof(name));
> > 
> > this could check the return code from get_str()
> > which would return failure on EOF already i think
> > that would be slightly simpler
> 
> No, get_str only fails if len > maxlen, which is not necessarily
> the case on EOF.

fixed, get_str() should now return an error when it hits EOF

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Good people do not need laws to tell them to act responsibly, while bad
people will find a way around the laws. -- Plato
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20150520/5d04e608/attachment.asc>


More information about the ffmpeg-devel mailing list