At least one FATE sample contains such chunks and happens to work simply
by accident (due to find_stream_info() swallowing the error).
CC: libav-stable@libav.org
while (!packet_read) {
chunk_type = avio_rl32(pb);
chunk_size = ea->big_endian ? avio_rb32(pb) : avio_rl32(pb);
- if (chunk_size <= 8)
+ if (chunk_size < 8)
return AVERROR_INVALIDDATA;
chunk_size -= 8;
avio_skip(pb, 8);
chunk_size -= 12;
}
+ if (!chunk_size)
+ continue;
+
ret = av_get_packet(pb, pkt, chunk_size);
if (ret < 0)
return ret;
goto get_video_packet;
case mTCD_TAG:
+ if (chunk_size < 8)
+ return AVERROR_INVALIDDATA;
+
avio_skip(pb, 8); // skip ea DCT header
chunk_size -= 8;
goto get_video_packet;
key = AV_PKT_FLAG_KEY;
case MV0F_TAG:
get_video_packet:
+ if (!chunk_size)
+ continue;
+
ret = av_get_packet(pb, pkt, chunk_size);
if (ret < 0)
return ret;