[FFmpeg-devel] [PATCH 5/5] asfdec_o: check for too small size in asf_read_unknown
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Fri Jan 15 01:03:24 CET 2016
On 06.01.2016 19:56, Andreas Cadhalpun wrote:
> This fixes infinite loops due to seeking back.
> ---
> libavformat/asfdec_o.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/libavformat/asfdec_o.c b/libavformat/asfdec_o.c
> index ca4a066..bc79f10 100644
> --- a/libavformat/asfdec_o.c
> +++ b/libavformat/asfdec_o.c
> @@ -190,8 +190,13 @@ static int asf_read_unknown(AVFormatContext *s, const GUIDParseTable *g)
> if ((ret = detect_unknown_subobject(s, asf->unknown_offset,
> asf->unknown_size)) < 0)
> return ret;
> - } else
> + } else {
> + if (size < 24) {
> + av_log(s, AV_LOG_ERROR, "Too small size %"PRIu64" (< 24).\n", size);
> + return AVERROR_INVALIDDATA;
> + }
> avio_skip(pb, size - 24);
> + }
>
> return 0;
> }
>
Pushed now, as Alexandra (the author over at Libav) seems fine with it.
Best regards,
Andreas
More information about the ffmpeg-devel
mailing list