id3v2: prevent unsigned integer overflow in ff_id3v2_parse()

In ff_id3v2_parse(), prevent unsigned integer overflow if data length
indicator is skipped and tlen is < 4.

Fix crash decoding file Allaby_cut.mp3, fix trac issue #182.
Stefano Sabatini 2011-05-18 00:43:25 +02:00
parent b69e5ee902
commit 64be0d1eda
1 changed files with 2 additions and 0 deletions

@ -255,6 +255,8 @@ static void ff_id3v2_parse(AVFormatContext *s, int len, uint8_t version, uint8_t
next = avio_tell(s->pb) + tlen;
if (tflags & ID3v2_FLAG_DATALEN) {
if (tlen < 4)
break;
avio_rb32(s->pb);
tlen -= 4;
}
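Review bot: the new `if (tlen < 4) break;` guard ahead of `tlen -= 4` exits silently and leaves the enclosing loop, so one malformed frame ends parsing of everything after it with no trace in the log. Since `next` is already computed on the line above the flag test, consider emitting an av_log() warning that reports the offending tlen, and add a short comment stating whether abandoning the remaining frames is intended or whether skipping to `next` and continuing would be acceptable. A comment noting that the check exists to keep the subtraction from wrapping would also help later readers, because the reason is only given in the commit message.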