|
|
|
@@ -356,11 +356,11 @@ int ff_amf_tag_size(const uint8_t *data, const uint8_t *data_end) |
|
|
|
data++; |
|
|
|
break; |
|
|
|
} |
|
|
|
if (data + size >= data_end || data + size < data) |
|
|
|
if (size < 0 || size >= data_end - data) |
|
|
|
return -1; |
|
|
|
data += size; |
|
|
|
t = ff_amf_tag_size(data, data_end); |
|
|
|
if (t < 0 || data + t >= data_end) |
|
|
|
if (t < 0 || t >= data_end - data) |
|
|
|
return -1; |
|
|
|
data += t; |
|
|
|
} |
|
|
|
@@ -389,7 +389,7 @@ int ff_amf_get_field_value(const uint8_t *data, const uint8_t *data_end, |
|
|
|
int size = bytestream_get_be16(&data); |
|
|
|
if (!size) |
|
|
|
break; |
|
|
|
if (data + size >= data_end || data + size < data) |
|
|
|
if (size < 0 || size >= data_end - data) |
|
|
|
return -1; |
|
|
|
data += size; |
|
|
|
if (size == namelen && !memcmp(data-size, name, namelen)) { |
|
|
|
@@ -410,7 +410,7 @@ int ff_amf_get_field_value(const uint8_t *data, const uint8_t *data_end, |
|
|
|
return 0; |
|
|
|
} |
|
|
|
len = ff_amf_tag_size(data, data_end); |
|
|
|
if (len < 0 || data + len >= data_end || data + len < data) |
|
|
|
if (len < 0 || len >= data_end - data) |
|
|
|
return -1; |
|
|
|
data += len; |
|
|
|
} |
|
|
|
@@ -481,13 +481,13 @@ static void ff_amf_tag_contents(void *ctx, const uint8_t *data, const uint8_t *d |
|
|
|
data++; |
|
|
|
break; |
|
|
|
} |
|
|
|
if (data + size >= data_end || data + size < data) |
|
|
|
if (size < 0 || size >= data_end - data) |
|
|
|
return; |
|
|
|
data += size; |
|
|
|
av_log(ctx, AV_LOG_DEBUG, " %s: ", buf); |
|
|
|
ff_amf_tag_contents(ctx, data, data_end); |
|
|
|
t = ff_amf_tag_size(data, data_end); |
|
|
|
if (t < 0 || data + t >= data_end) |
|
|
|
if (t < 0 || t >= data_end - data) |
|
|
|
return; |
|
|
|
data += t; |
|
|
|
} |
|
|
|
|
Xi Wang
Michael Niedermayer
12 years ago