From f5a9c35f886508b851011b7dd4ec18cc67b57d37 Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Mon, 9 Jul 2012 14:10:52 -0400 Subject: [PATCH] caf: fix 'pakt' chunk parsing according to the CAF specification: "... the value for mChunkSize can be greater than the actual valid content of the packet table chunk" --- libavformat/cafdec.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c index 4a04cb0b05..90e97a10bd 100644 --- a/libavformat/cafdec.c +++ b/libavformat/cafdec.c @@ -192,10 +192,11 @@ static int read_pakt_chunk(AVFormatContext *s, int64_t size) st->duration += caf->frames_per_packet ? caf->frames_per_packet : ff_mp4_read_descr_len(pb); } - if (avio_tell(pb) - ccount != size) { + if (avio_tell(pb) - ccount > size) { av_log(s, AV_LOG_ERROR, "error reading packet table\n"); - return -1; + return AVERROR_INVALIDDATA; } + avio_skip(pb, ccount + size - avio_tell(pb)); caf->num_bytes = pos; return 0;