RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

asfdec_o: reject size > INT64_MAX in asf_read_unknown 

Both avio_skip and detect_unknown_subobject use int64_t for the size
parameter.

This fixes a segmentation fault due to infinite recursion.

Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
This commit is contained in:
Andreas Cadhalpun 2016-01-05 13:20:11 +01:00
parent 763c572801
commit aa18016996
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libavformat/asfdec_o.c
View File

@ -178,6 +178,9 @@ static int asf_read_unknown(AVFormatContext *s, const GUIDParseTable *g)
uint64_t size = avio_rl64(pb); uint64_t size = avio_rl64(pb);
int ret; int ret;
if (size > INT64_MAX)
return AVERROR_INVALIDDATA;
if (asf->is_header) if (asf->is_header)
asf->unknown_size = size; asf->unknown_size = size;
asf->is_header = 0; asf->is_header = 0;