OSDN Git Service
(root)
/
android-x86
/
external-ffmpeg.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
e4d1621
)
asfdec: check for too small size in asf_read_unknown
author
Andreas Cadhalpun
<andreas.cadhalpun@googlemail.com>
Wed, 6 Jan 2016 19:59:58 +0000
(20:59 +0100)
committer
Luca Barbato
<lu_zero@gentoo.org>
Sun, 7 Feb 2016 02:12:33 +0000
(
03:12
+0100)
This fixes infinite loops due to seeking back.
Signed-off-by: Alexandra Hájková <alexandra@khirnov.net>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
libavformat/asfdec.c
patch
|
blob
|
history
diff --git
a/libavformat/asfdec.c
b/libavformat/asfdec.c
index
aef61bb
..
cbab9a2
100644
(file)
--- a/
libavformat/asfdec.c
+++ b/
libavformat/asfdec.c
@@
-190,8
+190,13
@@
static int asf_read_unknown(AVFormatContext *s, const GUIDParseTable *g)
if ((ret = detect_unknown_subobject(s, asf->unknown_offset,
asf->unknown_size)) < 0)
return ret;
- } else
+ } else {
+ if (size < 24) {
+ av_log(s, AV_LOG_ERROR, "Too small size %"PRIu64" (< 24).\n", size);
+ return AVERROR_INVALIDDATA;
+ }
avio_skip(pb, size - 24);
+ }
return 0;
}