From 2cd41c5d52307b4fff7d2626dca16663f269b2be Mon Sep 17 00:00:00 2001
From: Hendrik Leppkes
Date: Sun, 29 Nov 2015 15:32:39 +0100
Subject: [PATCH] Merge commit '8375dc1dd101d51baa430f34c0bcadfa37873896'
* commit '8375dc1dd101d51baa430f34c0bcadfa37873896':
asfdec: handle the case when the stream index has an invalid value better
Merged-by: Hendrik Leppkes
(cherry picked from commit bf67ae3cfa28ea3c126a6d23f44d9fbb5222b54b)
Signed-off-by: Andreas Cadhalpun
---
 libavformat/asfdec_o.c | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/libavformat/asfdec_o.c b/libavformat/asfdec_o.c
index 6b4216cab5..4a6400019a 100644
--- a/libavformat/asfdec_o.c
+++ b/libavformat/asfdec_o.c
@@ -1276,8 +1276,16 @@ static int asf_read_payload(AVFormatContext *s, AVPacket *pkt)
 break;
 }
 }
- if (!asf_pkt)
- return AVERROR_INVALIDDATA;
+ if (!asf_pkt) {
+ if (asf->packet_offset + asf->packet_size <= asf->data_offset + asf->data_size) {
+ avio_seek(pb, asf->packet_offset + asf->packet_size, SEEK_SET);
+ av_log(s, AV_LOG_WARNING, "Skipping the stream with the invalid stream index %d.\n",
+ asf->stream_index);
+ return AVERROR(EAGAIN);
+ } else
+ return AVERROR_INVALIDDATA;
+ }
+
 if (stream_num >> 7)
 asf_pkt->flags |= AV_PKT_FLAG_KEY;
 READ_LEN(asf->prop_flags & ASF_PL_MASK_MEDIA_OBJECT_NUMBER_LENGTH_FIELD_SIZE,
@@ -1418,8 +1426,14 @@ static int asf_read_packet(AVFormatContext *s, AVPacket *pkt)
 else
 asf->state = READ_MULTI;
 }
- if ((ret = asf_read_payload(s, pkt)) < 0)
+ ret = asf_read_payload(s, pkt);
+ if (ret == AVERROR(EAGAIN)) {
+ asf->state = PARSE_PACKET_HEADER;
+ continue;
+ }
+ else if (ret < 0)
 return ret;
+
 switch (asf->state) {
 case READ_SINGLE:
 if (!asf->sub_left)
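Review bot: The result of `avio_seek()` in the new `!asf_pkt` branch of asf_read_payload is discarded, so a failed seek still returns AVERROR(EAGAIN) and the caller resumes header parsing from wherever the reader happens to be. I would check it, e.g. `if (avio_seek(pb, asf->packet_offset + asf->packet_size, SEEK_SET) < 0) return AVERROR_INVALIDDATA;`. The bounds test also adds two pairs of fields that presumably come from the file; their types are declared outside this hunk, so it is worth confirming that neither sum can wrap before the comparison. The function body starts and ends outside the hunk.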
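Review bot: `AVERROR(EAGAIN)` is now an in-band "payload skipped" signal, but the check after `asf_read_payload()` in asf_read_packet cannot distinguish it from an EAGAIN propagated by an I/O call inside asf_read_payload (its body is outside the hunk, so whether that can occur needs confirming). In that case the state would be reset to PARSE_PACKET_HEADER without the seek to the next packet having happened. The `continue` also depends on every skip moving the read position forward; if `asf->packet_size` can be zero, the enclosing loop (outside the hunk) would re-parse the same packet indefinitely on a crafted file. A comment such as `/* EAGAIN: payload of an unknown stream was skipped, pb is already at the next packet */` would document the contract.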