[FFmpeg-devel] [PATCH 3/5] asfdec_o: make sure packet_size is non-zero before seeking

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Wed Jan 6 19:55:30 CET 2016


This fixes infinite loops due to seeking back.
---
 libavformat/asfdec_o.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavformat/asfdec_o.c b/libavformat/asfdec_o.c
index b81519f..4a3c815 100644
--- a/libavformat/asfdec_o.c
+++ b/libavformat/asfdec_o.c
@@ -1287,6 +1287,10 @@ static int asf_read_payload(AVFormatContext *s, AVPacket *pkt)
         }
         if (!asf_pkt) {
             if (asf->packet_offset + asf->packet_size <= asf->data_offset + asf->data_size) {
+                if (!asf->packet_size) {
+                    av_log(s, AV_LOG_ERROR, "Invalid packet size 0.\n");
+                    return AVERROR_INVALIDDATA;
+                }
                 avio_seek(pb, asf->packet_offset + asf->packet_size, SEEK_SET);
                 av_log(s, AV_LOG_WARNING, "Skipping the stream with the invalid stream index %d.\n",
                        asf->stream_index);
-- 
2.6.4



More information about the ffmpeg-devel mailing list