Browse Source

asfdec: check for too small size in asf_read_unknown

This fixes infinite loops due to seeking back.

Signed-off-by: Alexandra Hájková <alexandra@khirnov.net>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
tags/n3.1
Andreas Cadhalpun Luca Barbato 10 years ago
parent
commit
bf50607ab7
1 changed files with 6 additions and 1 deletions
  1. +6
    -1
      libavformat/asfdec.c

+ 6
- 1
libavformat/asfdec.c View File

@@ -190,8 +190,13 @@ static int asf_read_unknown(AVFormatContext *s, const GUIDParseTable *g)
if ((ret = detect_unknown_subobject(s, asf->unknown_offset,
asf->unknown_size)) < 0)
return ret;
} else
} else {
if (size < 24) {
av_log(s, AV_LOG_ERROR, "Too small size %"PRIu64" (< 24).\n", size);
return AVERROR_INVALIDDATA;
}
avio_skip(pb, size - 24);
}

return 0;
}


Loading…
Cancel
Save