falkTX
/
FFmpeg
mirror of https://github.com/falkTX/FFmpeg.git
1
0
Fork 0
Code Issues 0 Releases 338 Wiki Activity
Browse Source

avformat/aadec: Check toc_size to contain the minimum to demuxer uses 

Fixes: out of array access
Fixes: stack-buffer-overflow-READ-0x0831fff1

Found-by: GalyCannon <galycannon@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
tags/n4.3
Michael Niedermayer 5 years ago
parent
435fa373d1
commit
daa2482871
1 changed files with 1 additions and 1 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -1
      libavformat/aadec.c

+ 1
- 1
libavformat/aadec.c View File

@@ -92,7 +92,7 @@ static int aa_read_header(AVFormatContext *s)
avio_skip(pb, 4); // magic string
toc_size = avio_rb32(pb); // TOC size
avio_skip(pb, 4); // unidentified integer
if (toc_size > MAX_TOC_ENTRIES)
if (toc_size > MAX_TOC_ENTRIES || toc_size < 2)
return AVERROR_INVALIDDATA;
for (i = 0; i < toc_size; i++) { // read TOC
avio_skip(pb, 4); // TOC entry index


Write Preview
Loading…
Cancel
Save